In my setup I have a microservice which issues JWT to users. I already tested JWT validation with KrakenD and it works fine. However, I would also like to implement OWASP recommendations for JWT. In my use case I have the following:
I create a unique token and use it as a fingerprint
This token is added to a cookie (Http Only, same site, Secure)
I also add a hash of the token (SHA256) to the JWT claims
Then I just compare the values as an extra validation of the JWK token. Since I have multiple services (implemented in other languages), it will make the validation cumbersome if I move this logic outside KrakenD request processing. What would be the simplest approach to implement this flow on KrakenD side?
This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.
Your configuration file
My krakend.json:
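
The fingerprint check described in the issue, as an added Go example that is not part of the original issue and is not KrakenD code or a KrakenD plugin API. The cookie name `__Secure-Fgp`, the claim name `userFingerprint` and the hex encoding of the digest are assumptions, and the claims map is assumed to come from a JWT whose signature and expiry were already validated.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
)

// Assumed names, not taken from the issue: the cookie holding the raw
// fingerprint and the JWT claim holding its hex-encoded SHA-256 digest.
const fgpCookie, fgpClaim = "__Secure-Fgp", "userFingerprint"

var ErrFingerprint = errors.New("token fingerprint mismatch")

// FingerprintClaim is the value the issuing service stores in the JWT.
func FingerprintClaim(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}

// CheckFingerprint runs after signature and expiry validation of the JWT.
// A missing cookie, a missing claim or malformed hex all fail closed.
func CheckFingerprint(r *http.Request, claims map[string]interface{}) error {
	c, err := r.Cookie(fgpCookie)
	if err != nil || c.Value == "" {
		return ErrFingerprint
	}
	claimHex, _ := claims[fgpClaim].(string)
	want, err := hex.DecodeString(claimHex)
	if err != nil || len(want) != sha256.Size {
		return ErrFingerprint
	}
	got := sha256.Sum256([]byte(c.Value))
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return ErrFingerprint
	}
	return nil
}

func main() {
	// Constructed sample data: a fingerprint value and a request without, then with, the cookie.
	claims := map[string]interface{}{fgpClaim: FingerprintClaim("constructed-fgp")}
	r, _ := http.NewRequest("GET", "https://api.example.test/orders", nil)
	fmt.Println("JWT without cookie:", CheckFingerprint(r, claims))
	r.AddCookie(&http.Cookie{Name: fgpCookie, Value: "constructed-fgp"})
	fmt.Println("JWT with own cookie:", CheckFingerprint(r, claims))
}
```

Because the comparison uses only the cookie and a claim already inside the validated token, the same function can sit in one place in front of all backend services regardless of their language.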