Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support authentication using a JSON web token (JWT) #93 #100

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Commits on Aug 7, 2019

  1. Support authentication using a JSON web token (JWT) Netflix#93

    * Created new configuration section for JWT Auth
     - Configure a JWK to verify a JWT signature
     - Configure requried signature algorithms
     - Configure required audience and issuer claims
     - Configure name of username claim
    * Added code block in lambda_handler_user to validate JWT if configured
     - Require remote_usernames == bastion_user
     - Require valid JWT signature, expiry, and signature algorithm
     - Require username_claim in JWT
     - Require username_claim == bastion_user
    * Added unit tests for config and JWT validation
    stoggi committed Aug 7, 2019
    Configuration menu
    Copy the full SHA
    cce9d5c View commit details
    Browse the repository at this point in the history

Commits on Nov 4, 2019

  1. Fix marshmellow verison, and prevent jose from verifying access token…

    … hash
    
    * Pin marshmellow to a version less than 3. This might be fixed in Netflix#99
    * Disable at_hash verification if present in the JWT, since the bless lambda doesn't have access to the a hash of the access token.
    stoggi committed Nov 4, 2019
    Configuration menu
    Copy the full SHA
    24af4b4 View commit details
    Browse the repository at this point in the history