In the example, jwksuri is a program I wrote, which returns jwks JSON, but after configuration, it doesn’t work.
If you change jwksuri to jwks, it works.
he above problem about jwksUri is invalid, mainly due to the operation mechanism of RequestAuthentication. When the RequestAuthentication configuration takes effect,
jwksUri is triggered every 20 minutes by RequestAuthentication to get the latest new jwks.
jwksUri: “http: // http://172.168.50.229:8081/ istiojwt / getJWK” is the jwt service I wrote. This address is triggered every 20 minutes by RequestAuthentication to generate new jwks and tokens (stored in redis on the server). The valid time of the token is greater than or equal to 20 minutes.
The jwt service provides the “/ istiojwt / getToken” interface, which returns the token cached by the server.
hi I have the same outcome in istio 1.10
when I declare the requestAuthentication on the ingress workflow it works perfectly
but when I try to declare it on a specific service workflow on another namespace (default instead of istio-system) it is ignored. adding the same AuthorizationPolicy that verifies the jwt exists that works on the ingress. fails every command on the specific workflow…