Giter Site home page Giter Site logo

curityio / sender-constrained-token-plugin Goto Github PK

View Code? Open in Web Editor NEW
0.0 4.0 0.0 21 KB

An API gateway plugin for verifying Certificate-Bound Access Tokens (RFC8705)

Home Page: https://curity.io/resources/learn/mutual-tls-api/

License: Apache License 2.0

Lua 100.00%
api-gateway jwt lua proof-of-possession zero-trust nginx use-case

sender-constrained-token-plugin's Introduction

Sender Constrained Token Plugin

Quality Availability

A LUA plugin for verifying sender constrained tokens in the reverse proxy.

Overview

Sender-constrained tokens are tokens that are bound to a certain client. These tokens cannot - in contrary to ordinary Bearer tokens - be used by a malicious client to access protected resources.

In financial-grade systems, APIs are secured by Mutual TLS, and Certificate Bound Access Tokens are used.
The client certificate used in API requests must then match that used at the time of authentication.

Demonstrating Proof-of-Possession (DPoP) or OAuth 2.0 Token Binding are other mechanism for sender constraining tokens though not supported by this plugin.

Plugin

This plugin makes the above token binding checks in an NGINX based reverse proxy.
See the following article for further details on how this plugin is used:

Configuration Parameters

type: Specify which type of constraint the token has. Currently, the only supported value is certificate-bound.

Running the Plugin

The following configuration at the reverse proxy will load and execute the plugin:

local tokenConfig = {
  type = 'certificate-bound'
}
local senderConstrainedTokenPlugin = require 'sender-constrained-token-plugin'
senderConstrainedTokenPlugin.execute(tokenConfig)

More Information

Please visit curity.io for more information about the Curity Identity Server.

sender-constrained-token-plugin's People

Contributors

gary-archer avatar ju-cu avatar

Watchers

avatar avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.