feat: add JWT authentication for gRPC requests #18
Merged
adamweeks (Collaborator) commented Dec 1, 2025
- Implement JWT validation for securing gRPC communication with Webex Contact Center.
- Introduce JWTAuthInterceptor for token validation in gRPC requests.
- Update configuration to include JWT settings in config.yaml.
- Enhance README with detailed JWT authentication instructions and deployment recommendations.
- Add unit tests for JWT validation and interceptor functionality.
- Update requirements.txt to include cryptography support for JWT signature verification.
…ions - Clarify that the `datasource_url` must match exactly with the registered URL in BYoDS API. - Add examples for different URL formats and common mistakes to avoid. - Include verification steps and debugging tips for datasource URL mismatch errors.
0f4c14f to 8514273
ashtonjordan (Collaborator) requested changes Dec 5, 2025
Overall, everything works and looks good. In regard to porting the code from the simulator repo, it might be a good idea to open a PR with them to fix their logic.
Context: This JWT validation code was imported/adapted from a Java repository implementation.
Root Cause: The security vulnerabilities (Issues 1-2) exist in the original Java source code and were carried over during the Python port.
Recommendations:
- Fix upstream first: Create a pull request in the original Java repository to implement issuer validation and remove unused constants
…ents - Add validation for JWT token issuer to prevent SSRF attacks by rejecting invalid issuers before fetching keys. - Update README with detailed instructions on valid issuers for Webex identity brokers. - Modify configuration to include a specific datasource URL. - Enhance unit tests to ensure invalid issuers are handled correctly and do not trigger key fetching.
Collaborator, Author
Pull request on the Java repo opened for security issue as requested by @ashjorda: CiscoDevNet/webex-contact-center-provider-sample-code#24
Collaborator, Author
@ashjorda changes requested regarding security have been implemented, good finds! Ready for another round.
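The issuer check discussed in this thread (reject a token whose `iss` is not a known issuer before any key fetch happens), sketched as an added example that is not code from this pull request or from the Java repository. `ALLOWED_ISSUERS`, `fetch_keys`, `keys_for_token` and `make_token` are hypothetical names, and the issuer URL is a placeholder rather than a real identity-broker address.

```python
import base64
import json

# Hypothetical allowlist; the real values are the identity-broker issuers
# documented in the project's README (not shown on this page).
ALLOWED_ISSUERS = frozenset({"https://idbroker.example.com/idb"})


class InvalidIssuer(Exception):
    """Raised when a token's iss claim is missing, malformed or not allowlisted."""


def unverified_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying it; use only to read iss."""
    try:
        _header, payload, _sig = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad segment count, base64, UTF-8 or JSON
        raise InvalidIssuer("malformed token") from exc
    if not isinstance(claims, dict):
        raise InvalidIssuer("malformed token")
    return claims


def keys_for_token(token: str, fetch_keys, allowed=ALLOWED_ISSUERS):
    """Return signing keys for the token's issuer, fetching only if allowlisted.

    fetch_keys(issuer) is the caller's network function (hypothetical name).
    """
    iss = unverified_claims(token).get("iss")
    # Exact string match: no prefix, substring or hostname-suffix matching,
    # so an attacker-chosen URL never reaches the fetcher.
    if not isinstance(iss, str) or iss not in allowed:
        raise InvalidIssuer(f"issuer not allowed: {iss!r}")
    return fetch_keys(iss)


def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for exercising the check."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"
```

The keys returned here are then used to verify the token's signature; until that succeeds, the unverified claims are trusted for nothing beyond selecting the issuer.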