[frontend] Add JWT authentication to gRPC frontend (!901) · Merge requests · CTA / CTA

Konstantina Skovola requested to merge grpc-frontend-wfe-token-auth into main May 15, 2025

Description

This commit implements JWT authentication with JWKS public key caching for the gRPC Frontend.

It introduces a new submodule, jwt-cpp, which is a header-only library used for token validation. Tokens are validated using the RS256 algorithm. Public keys are cached and periodically refreshed. A configurable public key timeout interval (no expiration by default) and a configurable cache refresh interval are introduced for this purpose. Token authentication can only be used with TLS and must be specified in the configuration file.

Checklist

Documentation reflects the changes made.
Merge Request title is clear, concise, and suitable as a changelog entry. See this link

References

Closes #1065 (closed)

Edited Aug 06, 2025 by Konstantina Skovola

[frontend] Add JWT authentication to gRPC frontend

Description

Checklist

References

Merge request reports