EPIC:
- for planning poker purposes - please assign a point size
- this needs to be broken down into engineering user stories - please prefix with `JWT Plugin:`
Background Info
- per our plugin naming convention, this will be the first iteration of jwt plugin - `express-gateway-plugin-jwt`
- JWT RFC - https://tools.ietf.org/html/rfc7519
- this is an auth mechanism to EG, to keep consistent with the ecosystem and the interfaces already adopted, we should use Passport based middleware (i.e. `passport-jwt`)
- library for generating JWT - `jsonwebtoken`
- Passport JWT overview - https://blog.jscrambler.com/implementing-jwt-using-passport/
- super helpful debugger - https://jwt.io
New JWT Policy and Plugin Registration
The plugin will introduce a new auth policy - JWT.
- plugin is registered under `system.config.yml` in the `plugins:` section - system wide parameters are specified underneath its entry
  - querystring param that contains JWT - `jwt` = default
  - claim used containing the JWT key, `iss` = default
  - registered claims that can be verified
    - `iss` - in the case of EG being the provider, the parameter specified above is used to identify the key
    - `sub` - TBD, should understand the use case for this claim further
    - `aud` - TBD, however, if `sub` is used, then `aud` must also be verified
    - `exp` - EG can verify this claim
    - `nbf` - EG can verify this claim
    - `jti` - an extra layer of security to prevent replay, probably not necessary for 1st iteration of JWT
- a JWT policy can be declared in the `gateway.config.yml` in the `policies:` section which will allow the JWT policy to be used within a pipeline
New Credential Type
The plugin will extend EG credential management by introducing a new credential type known as JWT - (i.e. `jwt`, just like `basic`, `oauth2` etc)
JWT Credential Type
The new JWT credential type will need to contain the following:
- keyId - auto generated (please refer to how `key-auth` works in EG for more info on how keys are generated in pairs - id and secret)
- verification algorithm: `HS256`, `RS256`, or `ES256`
- rsa_public key: for `RS256`/`ES256`
- keySecret: auto generated (note: if the algo is `HS256`/`ES256`)
Admin API and CLI extensions
- you need to be able to create a `jwt` credential type via CLI - parameters:
  - which `algo` to use (see above)
  - RSA public key, supported options below
    - string key itself
    - path to PEM file (used for `RS256`/`ES256`) - bonus: openssl extraction of pub key directly from X.509 cert
- you need to be able to delete a `jwt` credential
Issues/Blockers
- JWTs can be multiple and nested, what to do? start simple with single for our own reference implementation
- 1 JWT type credential per consumer? or is this something more like `key-auth`?
- how to type in EG scopes into the JWT payload
- the token and credential services in EG must be extended via the plugin - this was planned for iteration 2 of the plugin framework development plan
This issue was moved to ExpressGateway/express-gateway#419 from express-gateway.io.