JWT Policy using local jwks

my3sons · April 5, 2019, 12:04pm

I see that Envoy api supports a file based jwks using something like:

local_jwks:
filename: /etc/envoy/jwks/jwks1.txt

Looking through the Istio JWT examples and source code, I am not clear as to whether this is supported yet via the Istio authentication implementation. Everything seems to simply reference the usage of jwksUri: “https://myjwksendpoint.com”

Can someone please clarify if Istio does support either using a local file or inline string for the jwks?

Thanks!

Oliver · April 5, 2019, 6:45pm

@YangminZhu @liminwang

YangminZhu · April 5, 2019, 7:04pm

This is currently not supported in the JWT API, we have plans to support using inline string, probably in Istio 1.3. There is no plan to support local file for now.

Topic		Replies	Views
Istio 1.7 - JWT authentication policy problem Security	8	2001	September 23, 2020
Local JWKS HTTP service	11	3576	July 21, 2019
Istio set token claims as header to upstream Security security	1	1369	July 11, 2022
gRPC JWT Authentication not enforced Security	8	2298	July 2, 2019
Configuring JWT with requestauthentication does not work in istio 1.5	2	1650	June 23, 2021

JWT Policy using local jwks

Related Topics