Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT authn: Logging for cache refresh for JWKS #34000

Open
aniketmasule opened this issue May 7, 2024 · 2 comments
Open

JWT authn: Logging for cache refresh for JWKS #34000

aniketmasule opened this issue May 7, 2024 · 2 comments
Labels
area/jwt_authn question Questions that are neither investigations, bugs, nor enhancements

Comments

@aniketmasule
Copy link

aniketmasule commented May 7, 2024
edited

Title: Logging for cache refresh for JWKS

Description:
I am using jwt filter for authentication, using remote_jwks to provide remote jwks uri and using cache_duration to configure cache refresh interval.
I have a query regarding following scenario:
When rotating signing keys, we begin by advertising the new key's on remote URI. Then, we activate it, and new tokens are signed with these new keys. However, I'm unable to determine if the new key has been cached successfully before activating new keys. Is there a method to log the cached keys or somehow check the cache?
Additionally, I cannot obtain tokens with the new key until I activate the new signing keys.

Relevant Links:
https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter#config-http-filters-jwt-authn
@aniketmasule aniketmasule added the triage Issue requires triage label May 7, 2024
@aniketmasule aniketmasule changed the title JWT authnLogging for cache refresh for JWKS JWT authn: Logging for cache refresh for JWKS May 7, 2024
@phlax phlax added question Questions that are neither investigations, bugs, nor enhancements area/jwt_authn and removed triage Issue requires triage labels May 8, 2024
@phlax
Copy link
Member

phlax commented May 8, 2024

cc @TAOXUY @lizan

@aniketmasule
Copy link
Author

Hi @TAOXUY @lizan, Kindly let me know if you have any inputs on above query?

@aniketmasule aniketmasule reopened this May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/jwt_authn question Questions that are neither investigations, bugs, nor enhancements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phlax @aniketmasule