Allow RSA key used for JWT to be specified as a file path #6271
| Codecov Report
 @@            Coverage Diff             @@
##           master    #6271      +/-   ##
==========================================
+ Coverage   60.02%   60.31%   +0.28%     
==========================================
  Files         153      153              
  Lines       12494    12510      +16     
  Branches     1692     1694       +2     
==========================================
+ Hits         7500     7545      +45     
+ Misses       4781     4744      -37     
- Partials      213      221       +8     
 | 
| The concept of the PR sounds useful. Any idea how feasible it would be to get the Codecov test happy? 😄 | 
| I'll see if I can contrive a test for http as well. This code does not have existing tests, but Codecov is complaining because I moved some of the logic around. | 
| Cool, sounds like a plan. 😄 | 
c0fae61 to c0407b0
    - auth_jwt_auth_public_certs_url may be file:// in addition to http/https
    - Log an error if payload does not contain an email address
c0407b0 to 241ea41
    | I didn't want to introduce another pip dev dependency, but JWK is difficult to craft by hand. | 
| @justinclift I'd say this change is ready to go | 
| Sounds like a sensible compromise. 😄 | 
| @wlach @gaecoli @guidopetri Anyone interested in reviewing this PR? 😄 | 
| I have been using https. I hope to enable file and https/http options, otherwise there is no way to use it for old users. | 
| This PR should not change existing behavior, only add the ability to specify a private key from a file path | 
| Ok, LGTM! | 
| Awesome. Just merged this, and the PR on the website repo which documents it a bit. 😄 | 
…6271)
- auth_jwt_auth_public_certs_url may be file:// in addition to http/https
- Log an error if payload does not contain an email address
auth_jwt_auth_public_certs_url may be file:// in addition to http/https
What type of PR is this?
Description
How is this tested?
Background
This feature allows another application to craft a JWT token to automatically log in to Redash.
Formerly this was possible, but the RSA public key had to be on an HTTP server. A file path is less complex and easier to secure.
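
The key-source behaviour described in the Background above, as an added example that is not Redash's code or the PR author's: it resolves a `file://`, `http://` or `https://` key URL and rejects a local key file that other accounts could overwrite. The function names, the logger name, the PEM format check and the `email` claim name are assumptions made for illustration.

```python
import logging
import os
import stat
from urllib.parse import urlparse
from urllib.request import url2pathname, urlopen

logger = logging.getLogger("jwt_key_loader")  # hypothetical logger name


def load_public_key_material(url, timeout=5):
    """Return raw key material for a file://, http:// or https:// URL (hypothetical helper)."""
    parsed = urlparse(url)
    if parsed.scheme == "file":
        if parsed.netloc not in ("", "localhost"):
            raise ValueError("file:// URL must refer to a local path")
        path = url2pathname(parsed.path)
        if not os.path.isabs(path):
            raise ValueError("key path must be absolute")
        mode = os.stat(path).st_mode
        if not stat.S_ISREG(mode):
            raise ValueError("key path is not a regular file")
        # Whoever can rewrite the verification key decides which tokens are
        # accepted, so refuse a file that group or other users can write to.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("key file is group- or world-writable")
        with open(path, "rb") as fh:
            data = fh.read()
        # Assumption: the local file holds a PEM-encoded public key.
        if b"-----BEGIN PUBLIC KEY-----" not in data:
            raise ValueError("file does not contain a PEM public key")
        return data
    if parsed.scheme in ("http", "https"):
        with urlopen(url, timeout=timeout) as resp:
            return resp.read()
    raise ValueError("unsupported scheme: %r" % parsed.scheme)


def email_from_payload(payload):
    """Return the email claim, logging an error when it is missing."""
    # Assumption: the address is carried in a claim named "email".
    email = payload.get("email") if isinstance(payload, dict) else None
    if not email:
        logger.error("JWT payload does not contain an email address")
        return None
    return email
```

Signature verification itself is left to the JWT library in use; this block covers only where the key comes from and the missing-email check.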