Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BE: Auth: JWT auth w/ JWKS #4145

Open
2 tasks done
daniel-soares4 opened this issue Aug 22, 2023 · 4 comments
Open
2 tasks done

BE: Auth: JWT auth w/ JWKS #4145

daniel-soares4 opened this issue Aug 22, 2023 · 4 comments
Labels
area/auth scope/backend status/accepted An issue which has passed triage and has been accepted type/enhancement En enhancement to an already existing feature

Comments

@daniel-soares4
Copy link

daniel-soares4 commented Aug 22, 2023
edited
Loading

Issue submitter TODO list

  • I've searched for an already existing issues here
  • I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

No

Describe the feature you're interested in

Hi !

Any ideas on providing a JWT token authentication mechanism?

In our case we have a central place where authentication already happens using Azure AD as IDP, and we would like to just forward the JWT resultant from the oauth provider authentication to kafka-ui, and then kafka-ui could just validate the jwt using JWKS (https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets).

A similar feature is present in Grafana (https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/#verify-token-using-a-json-web-key-set-loaded-from-https-endpoint), which we are using fine.

As it is now, our only solution is to authenticate using Azure AD in our central place to get access to the internal network to reach kafka-ui, and then authenticate again into kafka-ui using the same method.

Describe alternatives you've considered

No response

Version you're running

56fa824

Additional context

No response
@daniel-soares4 daniel-soares4 added status/triage Issues pending maintainers triage type/feature A new feature labels Aug 22, 2023
@github-actions
Copy link

Hello there daniel-soares4! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

@Haarolean Haarolean self-assigned this Aug 23, 2023
@Haarolean Haarolean added area/auth and removed status/triage Issues pending maintainers triage labels Aug 29, 2023
@daniel-soares4
Copy link
Author

Hello!
Thanks for accepting this request.

This is being actively worked on. Any prediction on when it might be ready?
If I knew more Java I would try to help, but unfortunately, I don't know much.

@Haarolean
Copy link
Contributor

@daniel-soares4 This issue is not being actively worked on, I'm adding this to up for grabs board as we don't have the bandwidth to implement this.

@Haarolean Haarolean removed their assignment Sep 5, 2023
@Haarolean Haarolean added type/enhancement En enhancement to an already existing feature status/accepted An issue which has passed triage and has been accepted and removed type/feature A new feature labels Sep 5, 2023
@Haarolean Haarolean changed the title JWT authentication using JWKS BE: Auth: JWT auth w/ JWKS Sep 5, 2023
@Haarolean
Copy link
Contributor

https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html

@Haarolean Haarolean mentioned this issue Mar 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/auth scope/backend status/accepted An issue which has passed triage and has been accepted type/enhancement En enhancement to an already existing feature
Projects
Up for grabs
Status: Intermediate
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Haarolean @daniel-soares4