JWT Signer

Fixed an issue where the jwt-signer plugin failed to upsert jwks if the jwks contains extra custom fields.

Supported /jwt-signer/jwks endpoint in dbless mode

Supported /jwt-signer/jwks/:jwt_signer_jwks endpoint in dbless mode.

supports basic auth and mtls auth to external jwks services

The plugin now supports periodically rotating the jwks. For example, to autmatically rotate access_token_jwks_uri, you can set the config access_token_jwks_uri_rotate_period

The plugin now supports adding the original JWT(s) to the upstream request header by specifying the names of the upstream request header with original_access_token_upstream_header and original_channel_token_upstream_header. And access_token_upstream_header, channel_token_upstream_header, original_access_token_upstream_header, and original_channel_token_upstream_header should not have the same value.

Support pseudo json value in add_claims and set_claims for JWT-Signer. We can achieve the goal of passing multiple values to a key by passing a JSON string as the value. And add add_access_token_claims, set_access_token_claims, add_channel_token_claims, set_channel_token_claims for individually adding claims to access tokens and channel tokens. Additionally, add remove_access_token_claims and remove_channel_token_claims to support the removal of claims.

support for consumer group scoping by using pdk kong.client.authenticate function

support for consumer group scoping by using pdk kong.client.authenticate function

support for consumer group scoping by using pdk kong.client.authenticate function

Added the configuration field add_claims, which lets you add extra claims to JWT.

Improved Plugin Documentation: Revised docs for the following plugins to include examples:

• CORS
• File Log
• HTTP Log
• JWT Signer
• Key Auth
• OpenID Connect
• Rate Limiting Advanced
• SAML
• StatsD

Improved Plugin Documentation: JWT Signer

The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

Updated the priority for some plugins.: jwt-signer changed from 999 to 1020.

Fixed the error attempt to call local 'err' (a string value).

Implement the enable_hs_signatures option to enable JWTs signed with HMAC algorithms

Fixed an issue where the enable_hs_signatures configuration parameter did not work. The plugin now defines expiry earlier to avoid arithmetic on a nil value.