chore: rename certificate in jwt to public_key, delete pool_size in jwks authn

apps/emqx_authn/i18n/emqx_authn_jwt_i18n.conf

@@ -21,14 +21,14 @@ emqx_authn_jwt {
     }
   }
 
-  certificate {
+  public_key {
     desc {
       en: """The public key used to verify the JWT."""
       zh: """用于验证 JWT 的公钥。"""
     }
     label {
-      en: """Certificate"""
-      zh: """证书"""
+      en: """Public Key"""
+      zh: """公钥"""
     }
   }
 
@@ -123,7 +123,7 @@ emqx_authn_jwt {
   server_name_indication {
     desc {
       en: """Server Name Indication (SNI)."""
-      zh: """服务器名称指示（SNI），未指定时将使用 <code>endpoint</code> 作为 SNI。"""
+      zh: """服务器名称指示（SNI）。"""
     }
     label {
       en: """Server Name Indication"""
@@ -133,8 +133,20 @@ emqx_authn_jwt {
 
   verify_claims {
     desc {
-      en: """The list of claims to verify."""
-      zh: """The list of claims to verify."""
+      en: """
+A list of custom claims to validate, which is a list of name/value pairs.
+Values can use the following placeholders:
+- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting
+- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting
+Authentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>.
+"""
+      zh: """
+需要验证的自定义声明列表，它是一个名称/值对列表。
+值可以使用以下占位符：
+- <code>${username}</code>: 将在运行时被替换为客户端连接时使用的用户名
+- <code>${clientid}</code>: 将在运行时被替换为客户端连接时使用的客户端标识符
+认证时将验证 JWT（取自 Password 字段）中 claims 的值是否与 <code>verify_claims</code> 中要求的相匹配。
+"""
     }
     label {
       en: """Verify Claims"""
@@ -142,17 +154,6 @@ emqx_authn_jwt {
     }
   }
 
-  pool_size {
-    desc {
-      en: """JWKS connection count."""
-      zh: """JWKS 连接数量。"""
-    }
-    label {
-      en: """Pool Size"""
-      zh: """连接池大小"""
-    }
-  }
-
   ssl {
     desc {
       en: """SSL options."""

apps/emqx_authn/i18n/emqx_authn_mongodb_i18n.conf

@@ -35,15 +35,15 @@ emqx_authn_mongodb {
     desc {
       en: """
 Statement that is executed during the authentication process.
-Commands can support following wildcards:\n
-- `${username}`: substituted with client's username\n
-- `${clientid}`: substituted with the clientid
+Commands can support following wildcards:
+- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting
+- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting
 """
       zh: """
 认证过程中所使用的查询命令。
 查询命令支持如下占位符：
-- `${username}`: 将在运行时被替换为客户端连接时使用的用户名
-- `${clientid}`: 将在运行时被替换为客户端连接时使用的客户端标识符
+- <code>${username}</code>: 将在运行时被替换为客户端连接时使用的用户名
+- <code>${clientid}</code>: 将在运行时被替换为客户端连接时使用的客户端标识符
 """
     }
     label: {

apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl

@@ -66,13 +66,12 @@ fields('public-key') ->
         {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
         {algorithm,
             sc(hoconsc:enum(['public-key']), #{required => true, desc => ?DESC(algorithm)})},
-        {certificate, fun certificate/1}
+        {public_key, fun public_key/1}
     ] ++ common_fields();
 fields('jwks') ->
     [
         {use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ?DESC(use_jwks)})},
         {endpoint, fun endpoint/1},
-        {pool_size, fun pool_size/1},
         {refresh_interval, fun refresh_interval/1},
         {ssl, #{
             type => hoconsc:union([
@@ -125,10 +124,10 @@ secret_base64_encoded(desc) -> ?DESC(?FUNCTION_NAME);
 secret_base64_encoded(default) -> false;
 secret_base64_encoded(_) -> undefined.
 
-certificate(type) -> string();
-certificate(desc) -> ?DESC(?FUNCTION_NAME);
-certificate(required) -> ture;
-certificate(_) -> undefined.
+public_key(type) -> string();
+public_key(desc) -> ?DESC(?FUNCTION_NAME);
+public_key(required) -> ture;
+public_key(_) -> undefined.
 
 endpoint(type) -> string();
 endpoint(desc) -> ?DESC(?FUNCTION_NAME);
@@ -179,12 +178,6 @@ verify_claims(required) ->
 verify_claims(_) ->
     undefined.
 
-pool_size(type) -> integer();
-pool_size(desc) -> ?DESC(?FUNCTION_NAME);
-pool_size(default) -> 8;
-pool_size(validator) -> [fun(I) -> I > 0 end];
-pool_size(_) -> undefined.
-
 %%------------------------------------------------------------------------------
 %% APIs
 %%------------------------------------------------------------------------------
@@ -294,10 +287,10 @@ create2(#{
 create2(#{
     use_jwks := false,
     algorithm := 'public-key',
-    certificate := Certificate,
+    public_key := PublicKey,
     verify_claims := VerifyClaims
 }) ->
-    JWK = create_jwk_from_pem_or_file(Certificate),
+    JWK = create_jwk_from_public_key(PublicKey),
     {ok, #{
         jwk => JWK,
         verify_claims => VerifyClaims
@@ -320,15 +313,14 @@ create2(
         verify_claims => VerifyClaims
     }}.
 
-create_jwk_from_pem_or_file(CertfileOrFilePath) when
-    is_binary(CertfileOrFilePath);
-    is_list(CertfileOrFilePath)
+create_jwk_from_public_key(PublicKey) when
+    is_binary(PublicKey); is_list(PublicKey)
 ->
-    case filelib:is_file(CertfileOrFilePath) of
+    case filelib:is_file(PublicKey) of
         true ->
-            jose_jwk:from_pem_file(CertfileOrFilePath);
+            jose_jwk:from_pem_file(PublicKey);
         false ->
-            jose_jwk:from_pem(iolist_to_binary(CertfileOrFilePath))
+            jose_jwk:from_pem(iolist_to_binary(PublicKey))
     end.
 
 connector_opts(#{ssl := #{enable := Enable} = SSL} = Config) ->

apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl

@@ -174,7 +174,7 @@ t_jwt_authenticator_public_key(_) ->
         mechanism => jwt,
         use_jwks => false,
         algorithm => 'public-key',
-        certificate => PublicKey,
+        public_key => PublicKey,
         verify_claims => []
     },
     {ok, State} = emqx_authn_jwt:create(?AUTHN_ID, Config),