A provider charm for JWT authentication configuration.
Currently, the integrator supports bare-metal/virtual-machine deployments.
juju deploy jwt-integrator --channel 1/edge
To configure the jwt-integrator charm, you may provide the following configuration options:
signing-key: (required) the signing key(s) used to verify the token, provided as a user secret.
roles-key: (required) the key in the JSON payload that stores the user’s roles.
jwt-header: the HTTP header in which the token is transmitted (typically the Authorization header).
jwt-url-parameter: the HTTP URL parameter to use if not using the jwt-header.
subject-key: the key in the JSON payload that stores the username.
required-audience: the name of the audience that the JWT must specify.
required-issuer: the target issuer of the JWT stored in the JSON payload.
jwt-clock-skew-tolerance: time in seconds that is tolerated as clock disparity between the authentication parties.
The only mandatory fields for the integrator are signing-key and roles-key.
To create a user secret containing the signing-key, follow these steps:
juju add-secret jwt-key signing-key="eyJhbGciOiAiSFMyNTYiLCAidHlwIjogI..."
secret:<your-secret-id>
juju grant-secret jwt-key jwt-integrator
juju config jwt-integrator signing-key=secret:<your-secret-id>
Provide the key used for signing your self-contained JWTs instead of the example above.
Relations are supported via the jwt interface. To create a relation:
juju integrate jwt-integrator application
To remove the relation:
juju remove-relation jwt-integrator application
Security issues in the Charmed jwt Integrator Operator can be reported through Launchpad. Please do not file GitHub issues about security issues.
Please see the Juju SDK docs for best-practice guidelines on enhancing this charm, and CONTRIBUTING.md for developer guidance.