Auth: support JWT Authentication (#29995)

2025-02-25 18:55:37 -06:00 · 2021-03-31 15:40:44 +00:00
parent 1446d094b8
commit 39a3b0d0b0
22 changed files with 1444 additions and 4 deletions
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -337,7 +337,7 @@
 # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
 ;disable_login_form = false

-# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
+# Set to true to disable the sign out link in the side menu. Useful if you use auth.proxy or auth.jwt, defaults to false
 ;disable_signout_menu = false

 # URL to redirect the user to after sign out
@@ -488,6 +488,18 @@
 # Read the auth proxy docs for details on what the setting below enables
 ;enable_login_token = false

+#################################### Auth JWT ##########################
+[auth.jwt]
+;enabled = true
+;header_name = X-JWT-Assertion
+;email_claim = sub
+;username_claim = sub
+;jwk_set_url = https://foo.bar/.well-known/jwks.json
+;jwk_set_file = /path/to/jwks.json
+;cache_ttl = 60m
+;expected_claims = {"aud": ["foo", "bar"]}
+;key_file = /path/to/key/file
+
 #################################### Auth LDAP ##########################
 [auth.ldap]
 ;enabled = false