feat(jwt-auth): support remote JWKS (#3838)

Signed-off-by: Betula-L <6059935+Betula-L@users.noreply.github.com> Co-authored-by: Betula-L <6059935+Betula-L@users.noreply.github.com>
2026-06-03 01:27:27 +08:00 · 2026-05-25 16:04:10 +08:00
parent e6fc09b14f
commit a86aaadaa4
17 changed files with 2780 additions and 115 deletions
--- a/plugins/wasm-go/extensions/jwt-auth/handler/handler_test.go
+++ b/plugins/wasm-go/extensions/jwt-auth/handler/handler_test.go
@@ -0,0 +1,35 @@
+// Copyright (c) 2023 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package handler
+
+import (
+	"testing"
+
+	"github.com/alibaba/higress/plugins/wasm-go/extensions/jwt-auth/config"
+)
+
+func TestActionForVerifiedConsumerUsesConfigRuleSetSnapshot(t *testing.T) {
+	action, resume := actionForVerifiedConsumer(config.JWTAuthConfig{
+		RuleSet: true,
+		Allow:   []string{"allowed-consumer"},
+	}, "other-consumer", &testLogger{T: t})
+
+	if resume {
+		t.Fatalf("expected route-level allow list to deny non-allowed consumer")
+	}
+	if action == nil {
+		t.Fatalf("expected a deny action for non-allowed consumer")
+	}
+}