
Conversation

@knownasmobin

Description

This PR introduces a new feature and several enhancements to the jwt-auth plugin in Apache APISIX. The key change is the addition of a configurable key_claim_name parameter, which allows users to specify the JWT claim used for identifying the user. This provides greater flexibility and enables integration with a wider variety of JWT issuers and token structures.

Key Changes:

  1. Configurable JWT Claim Name (key_claim_name): Users can now specify which claim in the JWT payload should be used to identify the user (e.g., iss for the issuer claim).
  2. Support for Asymmetric Algorithms (RS256, ES256): The plugin now supports JWTs signed with asymmetric algorithms, with new configuration fields for public_key and private_key.
  3. Schema Enhancements: Descriptions have been added to several schema properties, improving clarity. The schema has also been restructured for better readability and maintainability.
  4. Backwards Compatibility: The default behavior remains unchanged, ensuring that existing configurations continue to work without modification.

This change addresses the following:

  • Increases flexibility in JWT validation, allowing integration with a broader range of JWT issuers and formats.
  • Aligns APISIX's JWT validation with existing authentication systems without requiring token modifications.
  • Enhances security by providing precise control over which claim is used for user identification.

Fixes: Issue #11276

Checklist

  • I have explained the need for this PR and the problem it solves.
  • I have explained the changes or the new features added to this PR.
  • I have added tests corresponding to this change, including tests for both symmetric and asymmetric JWT validation.
  • I have updated the documentation to reflect this change.
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first).

@dosubot dosubot bot added the size:XL, doc and enhancement labels Aug 20, 2024
Contributor

@shreemaan-abhishek shreemaan-abhishek left a comment

Please keep your PR focused. One PR should do only one thing, else it becomes very difficult to review your code.

For this PR, it is advisable to introduce support for configurable claim name and only that. Thanks.

@shreemaan-abhishek
Contributor

It seems this PR would be a duplicate of #11282.

> Support for Asymmetric Algorithms (RS256, ES256)

If you want to introduce this support, please do so in another PR with the proposal written in an issue.

@shreemaan-abhishek shreemaan-abhishek added the duplicate label Sep 20, 2024
@shreemaan-abhishek shreemaan-abhishek marked this pull request as draft September 20, 2024 05:46
@github-actions

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

@github-actions github-actions bot added the stale label Nov 19, 2024
@github-actions

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Dec 30, 2024

Labels

doc, duplicate, enhancement, size:XL, stale

2 participants