Add placeholder replacement support for signKey #92

steffenbusch · 2025-03-21T21:18:38Z

This pull request adds placeholder replacement support for the sign_key sub-directive, allowing users to load keys from external files.

Example usage:

jwtauth {
  sign_key {file.sign_key.txt}
  sign_alg HS256
  jwk_url https://api.example.com/jwk/keys
  from_query access_token token
  from_header X-Api-Token
  from_cookies user_session
  issuer_whitelist https://api.example.com
  audience_whitelist https://api.example.io https://learn.example.com
  user_claims aud uid user_id username login
  meta_claims "IsAdmin->is_admin" "settings.payout.paypal.enabled->is_paypal_enabled"
}

In this example, the file sign_key.txt contains the actual signing key, such as:

TkZMNSowQmMjOVU2RUB0bm1DJkU3U1VONkd3SGZMbVk=

This update also facilitates the use of public keys by allowing direct references to .pem files, e.g.:

sign_key {file./path/to/public_key.pem}

Note
This feature requires Caddy v2.8.0 or later, which introduced support for the {file.} placeholder syntax.
See: caddyserver/caddy#5463

ggicci · 2025-03-25T06:28:53Z

Thank you @steffenbusch :)

Add placeholder replacement support for signKey

afe8522

ggicci merged commit a248851 into ggicci:main Mar 25, 2025
1 check failed

steffenbusch deleted the placeholder-support branch March 29, 2025 08:25

ggicci mentioned this pull request Apr 30, 2025

Support for Placeholder Integration on JWKURL #95

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add placeholder replacement support for signKey #92

Add placeholder replacement support for signKey #92

Uh oh!

steffenbusch commented Mar 21, 2025

Uh oh!

Uh oh!

ggicci commented Mar 25, 2025

Uh oh!

Uh oh!

Uh oh!

Add placeholder replacement support for signKey #92

Add placeholder replacement support for signKey #92

Uh oh!

Conversation

steffenbusch commented Mar 21, 2025

Uh oh!

Uh oh!

ggicci commented Mar 25, 2025

Uh oh!

Uh oh!