JWT Policy using local jwks

my3sons · April 5, 2019, 12:04pm

I see that Envoy api supports a file based jwks using something like:

local_jwks:
filename: /etc/envoy/jwks/jwks1.txt

Looking through the Istio JWT examples and source code, I am not clear as to whether this is supported yet via the Istio authentication implementation. Everything seems to simply reference the usage of jwksUri: “https://myjwksendpoint.com”

Can someone please clarify if Istio does support either using a local file or inline string for the jwks?

Thanks!

Oliver · April 5, 2019, 6:45pm

@YangminZhu @liminwang

YangminZhu · April 5, 2019, 7:04pm

This is currently not supported in the JWT API, we have plans to support using inline string, probably in Istio 1.3. There is no plan to support local file for now.

Topic		Replies	Views
Istio 1.7 - JWT authentication policy problem Security	8	2284	September 23, 2020
Local JWKS HTTP service	11	3966	July 21, 2019
Istio set token claims as header to upstream Security security	1	1560	July 11, 2022
gRPC JWT Authentication not enforced Security	8	2437	July 2, 2019
Envoy lua handler network issues	0	466	May 8, 2020

JWT Policy using local jwks

Related topics