[added] support for StrictSigningKeyUsage and updated jwt library (#1845)

This will cause the server to not trust accounts/user signed by an identity key The boot strapping system account will assume the account is issued by the operator. If this is not desirable, the system account can be provided right away as resolver_preload. [fixes] crash when the system account uses signing keys and an update changes that key set. Signed-off-by: Matthias Hanel <mh@synadia.com>
2026-04-02 03:38:42 -07:00 · 2021-01-26 17:49:58 -05:00
parent 695539c922
commit dea9effa8d
12 changed files with 188 additions and 61 deletions
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.15
 require (
 	github.com/klauspost/compress v1.11.7
 	github.com/minio/highwayhash v1.0.0
-	github.com/nats-io/jwt/v2 v2.0.0-20210107222814-18c5cc45d263
+	github.com/nats-io/jwt/v2 v2.0.0-20210125223648-1c24d462becc
 	github.com/nats-io/nats.go v1.10.1-0.20210122204956-b8ea7fc17ea6
 	github.com/nats-io/nkeys v0.2.0
 	github.com/nats-io/nuid v1.0.1