
Conversation

@AlexisSouquiere
Collaborator

Fix #1621
Fix #1585

After rewriting the authorization feature, the JWT token now contains more information than before (cluster regexes, for instance).

The 4 KB cookie constraint is invariant unless we change micronaut.security.authentication from cookie to bearer, to store the JWT token in the browser storage and send it in the Authorization header.

Some users have reported that AKHQ doesn't work with bearer auth and OIDC providers like Keycloak, so there is no way to help them manage complex user permissions.

I propose to set up GZIP compression of the JWT payload to reduce the JWT token size and, hopefully, solve the issues raised previously. Tests that I did with a real use case we had in my company (one that forced us to use bearer auth) are promising. It's compatible with all the authentication mechanisms (basic, LDAP, OIDC, etc.) because the compression is done by extending the JWTClaimsSetGenerator that creates the JWT token.

Even if JWT payload compression isn't standard for signed JWTs, it's used by libraries like JJWT.
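The following is an added illustration of the idea described in this PR, not AKHQ's code and not the PR's actual implementation (which hooks Micronaut's JWTClaimsSetGenerator). It builds a constructed claim set whose topic and consumer-group rights are dozens of long regex patterns, shows that the plain compact JWT overshoots the 4 KB cookie cap while the gzip-compressed one does not, and shows the reader side: pin the alg, verify the signature, and only then inflate the payload under a size cap. The "zip": "GZIP" header parameter follows JJWT's convention and is an assumed layout; the HS256 signing is hand-rolled with hmac so the example runs offline; the key, claim names, sample patterns and the 64 KB inflation cap are all assumptions made for the demo.

```python
# Added example, not AKHQ's code: a minimal model of gzip-compressing a JWT
# payload so a permission-heavy token fits under the browser's 4 KB cookie cap.
# HS256 is hand-rolled with hmac so it runs offline; the "zip": "GZIP" header
# follows JJWT's convention and is an assumption about layout, not AKHQ's.
import base64
import gzip
import hashlib
import hmac
import io
import json

COOKIE_LIMIT = 4096        # bytes; the cookie size constraint from the PR description
MAX_INFLATED = 64 * 1024   # assumed cap on decompressed claims (guards against a zip bomb)
DEMO_KEY = b"constructed-demo-key-not-for-production"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes, compress: bool) -> str:
    """Serialise claims, optionally gzip them, then sign header.payload with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    if compress:
        header["zip"] = "GZIP"                      # JJWT-style marker (assumption)
        payload = gzip.compress(payload, mtime=0)   # compress first, sign the compressed bytes
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(payload)
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def read_token(token: str, key: bytes) -> dict:
    """Pin the alg, verify the signature, and only then inflate the payload (bounded)."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("invalid signature")       # never decompress unverified bytes
    payload = b64url_decode(p)
    if header.get("zip") == "GZIP":
        payload = gzip.GzipFile(fileobj=io.BytesIO(payload)).read(MAX_INFLATED + 1)
        if len(payload) > MAX_INFLATED:
            raise ValueError("claims exceed inflation cap")
    return json.loads(payload)


def sample_claims() -> dict:
    """Constructed claims: a user whose topic/group rights are many long regexes."""
    patterns = [
        f"^team-{i:02d}-(orders|payments|audit)-[a-z0-9-]+(-dlq|-retry)?$"
        for i in range(40)
    ]
    return {
        "sub": "alice",
        "iss": "akhq-demo",
        "exp": 1700000000,
        "roles": ["topic-reader", "group-reader"],
        "clusters": ["^prod-.*$", "^staging-.*$"],
        "topics": patterns,
        "consumer_groups": patterns,
    }


def token_sizes(key: bytes = DEMO_KEY) -> dict:
    """Compare the compact-serialised size of the plain and gzip-compressed token."""
    claims = sample_claims()
    plain = issue_token(claims, key, compress=False)
    zipped = issue_token(claims, key, compress=True)
    return {
        "plain": len(plain),
        "compressed": len(zipped),
        "plain_fits_cookie": len(plain) <= COOKIE_LIMIT,
        "compressed_fits_cookie": len(zipped) <= COOKIE_LIMIT,
    }


def roundtrip(key: bytes = DEMO_KEY) -> bool:
    """A compressed token verifies and inflates back to the original claims."""
    claims = sample_claims()
    return read_token(issue_token(claims, key, compress=True), key) == claims


def tamper_rejected(key: bytes = DEMO_KEY) -> bool:
    """A payload edit must fail the signature check before any decompression."""
    h, p, s = issue_token(sample_claims(), key, compress=True).split(".")
    p = ("B" if p[0] != "B" else "C") + p[1:]
    try:
        read_token(f"{h}.{p}.{s}", key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(token_sizes())
```

Two design points carry over to any real implementation: compression happens before signing, so the signature still covers exactly the bytes on the wire, and the verifier rejects a bad signature before it touches the compressed bytes and bounds the inflated size, so a forged or oversized token cannot turn the decompressor into a denial-of-service vector.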

@AlexisSouquiere marked this pull request as draft on December 11, 2023, 13:58


Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

External roles and attributes mapping breaking if patterns are too long
Error 502 with k8s and keycloak

2 participants