feat(GraphQL): Allow Multiple JWKUrls for auth. #7528
Conversation
github-actions
bot
added
the
area/graphql
minhaj-shakeel
requested review from
manishrjain and
vvbalaji-dgraph
as code owners
There was a problem hiding this comment.
Reviewable status: 0 of 5 files reviewed, 3 unresolved discussions (waiting on @manishrjain, @minhaj-shakeel, @pawanrawal, and @vvbalaji-dgraph)
graphql/authorization/auth.go, line 432 at r1 (raw file):
// FetchJWKs fetches the JSON Web Key set from a JWKUrl. It acquires a Lock over a as some of the // properties of AuthMeta are modified in the process.
This part of the comment is stale now, can be removed:
It acquires a Lock over a as some of the properties of AuthMeta are modified in the process.
graphql/schema/schemagen.go, line 409 at r1 (raw file):
Quoted 6 lines of code…
for i := 0; i < len(metaInfo.authMeta.JWKUrls); i++ { fetchErr := metaInfo.authMeta.FetchJWKs(i) if fetchErr != nil { return nil, fetchErr } }
we should make 2 separate functions FetchJWK(i) and FetchJWKs()
FetchJWKs() will contain this for loop and use FetchJWK(i) internally?
testutil/graphql.go, line 252 at r1 (raw file):
"jwkurls":
we should keep tests for both jwkurl and jwkurls. Let's let the original test be as it was, but to test jwkurls add another test.
There was a problem hiding this comment.
Reviewable status: 0 of 5 files reviewed, 3 unresolved discussions (waiting on @abhimanyusinghgaur, @manishrjain, @pawanrawal, and @vvbalaji-dgraph)
graphql/authorization/auth.go, line 432 at r1 (raw file):
Previously, abhimanyusinghgaur (Abhimanyu Singh Gaur) wrote…
// FetchJWKs fetches the JSON Web Key set from a JWKUrl. It acquires a Lock over a as some of the // properties of AuthMeta are modified in the process.This part of the comment is stale now, can be removed:
It acquires a Lock over a as some of the properties of AuthMeta are modified in the process.
Done.
graphql/schema/schemagen.go, line 409 at r1 (raw file):
Previously, abhimanyusinghgaur (Abhimanyu Singh Gaur) wrote…
for i := 0; i < len(metaInfo.authMeta.JWKUrls); i++ { fetchErr := metaInfo.authMeta.FetchJWKs(i) if fetchErr != nil { return nil, fetchErr } }we should make 2 separate functions
FetchJWK(i)andFetchJWKs()
FetchJWKs()will contain this for loop and useFetchJWK(i)internally?
Done.
testutil/graphql.go, line 252 at r1 (raw file):
Previously, abhimanyusinghgaur (Abhimanyu Singh Gaur) wrote…
"jwkurls":we should keep tests for both
jwkurlandjwkurls. Let's let the original test be as it was, but to testjwkurlsadd another test.
Done.
(cherry picked from commit f4c857b)
Fixes GRAPHQL-1048.
This PR adds support for Passing multiple JWKUrls in the authorization header.
This change is