Feature request: IDs for JWT claims #6016
Labels
good first issue
Issues that are suitable for first-time contributors.
meta-feature-request
Issues to track feature requests.
prio-medium
Resolve this some time soon (tm).
scope-interop
Issues that fix interop issues between Lodestar and CL, EL or tooling.
Problem description
The execution API spec defines an optional
id
claim that can be set in a JWT token to convey information about the client being authenticated. This is useful for more advanced forms of authentication beyond the basic 1-CL-to-1-EL authentication that we usually do. For example, my Electric Eel multiplexer uses theid
to identify the connecting client and decide which JWT secret to use. Without the ID, it has to fall back on iterating all known JWT secrets and trying to verify the token against them (which is slow).The spec defines the
id
claim here: https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md#jwt-claimsIt's worth noting that the ID in the claim is distinct from the key-ID concept defined by the JWT standard, which is part of the header, not the body. Apart from being a bit inelegant this isn't an issue.
Solution description
Add a flag to Lodestar like
--jwt-id
which takes a string to use as the JWT ID for claims made to the EL.Additional context
No response
The text was updated successfully, but these errors were encountered: