HS512 support
tsn77130 opened this issue · 3 comments
tsn77130 commented
Hi team, as said by in issue #11, thanks for this great job and associated documentation.
I was wondering if there is any chance you also add support for HS512 ?
thanks
NickMRamirez commented
@tsn77130 I've added a new branch called issue-13 that should work for HS512, but since Auth0 only supports HS256 I will need to find another auth provider to use for testing.
To expedite it, can you test it on your end and let me know if it works?
- Checkout the issue-13 branch
- Replace /usr/local/share/lua/5.3/jwtverify.lua with the file from that branch
- In the
globalsection of haproxy.cfg, add your HMAC secret.
for example:
setenv OAUTH_HMAC_SECRET E57lT71DHOHK1eeOlMjatvUtUg6ejFZ8
Then test the client credential auth flow.
tsn77130 commented
@NickMRamirez Just tested your dev, it works great with HS512
2021-06-03T15:12:42.503859+02:00 intweb10 haproxy[9317]: Decoded JWT header: { ["typ"] = JWT,["alg"] = HS512,}
2021-06-03T15:12:42.503874+02:00 intweb10 haproxy[9317]: Decoded JWT payload: { ["debug"] = false,["roles"] = { [1] = retailer,} ,["iat"] = 1622725351,["exp"] = 1622811751,["aud"] = api.xx.com,["sub"] = 7170,["iss"] = api.xx.com,["retailer_id"] = 134,["login"] = user44}
2021-06-03T15:12:42.503904+02:00 intweb10 haproxy[9317]: req.authorized = true
Thanks a lot for that
NickMRamirez commented
Great! I will merge this change.