
JWT EdgeEngine Validation

The StackPath EdgeEngine™️ provides the ability to write custom JavaScript code that is executed at the edge of the StackPath CDN. This repo provides an example of how EdgeEngine™️ can be used to validate JWTs used for API authentication at the edge. Handling JWT validation at the edge will ensure that your API servers only see authenticated requests.

This script will only validate that the JWT provided is valid and the signature matches the Public Key exposed by your JWKS endpoint. If the JWT is considered valid, the request will continue to your site and the response is returned to the client.

Getting Started

Install Dependencies

This project uses yarn to manage dependencies and execute build scripts, so please install yarn before continuing. Once yarn has been installed and you have cloned the repository, you can install the dependencies by executing the following command.

$ yarn install

Building the script

Before building the project, you will want to configure the project to reach out to the correct JWKS endpoint. The endpoint the script uses to retrieve your JWKS will be injected at build time through webpack. Set the JWKS_URL environment variable at build time to configure the endpoint that's used by the script. The JWKS_KID parameter should be set to the kid value defined within the JWK that's used for signing your JWTs.

$ JWKS_URL="" JWKS_KID="$KID" yarn build

Once the build has completed, your script will be located in build/bundle.js.
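The signature check described above, pinned to the kid that JWKS_KID configures, shown as an added example that is not the repository's script. It assumes RS256 tokens and runs under Node.js with the built-in crypto module rather than in the EdgeEngine runtime; the key pair, JWKS document, kid value and the names signToken and verifyJwt are constructed for illustration.

```javascript
// Added example, not the repository's script. Assumes RS256; runs offline under Node.js.
const nodeCrypto = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Constructed key pair and the JWKS document an endpoint at JWKS_URL would serve.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PINNED_KID = 'example-key-1'; // constructed value standing in for JWKS_KID
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: PINNED_KID, use: 'sig' }] };

// Mints a test token (hypothetical helper; an identity provider does this in practice).
function signToken(header, payload, key = privateKey) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), key))}`;
}

// Returns { ok: true, payload } or { ok: false, reason }.
function verifyJwt(token, keySet, pinnedKid) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    payload = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || typeof header !== 'object') return { ok: false, reason: 'malformed' };
  // Pin the algorithm: the token header must not be allowed to choose it ("none", HS256, ...).
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  // Only the key with the configured kid is trusted, even if the JWKS lists others.
  if (header.kid !== pinnedKid) return { ok: false, reason: 'kid' };
  const jwk = keySet.keys.find((k) => k.kid === pinnedKid && k.kty === 'RSA');
  if (!jwk) return { ok: false, reason: 'no-key' };
  const key = nodeCrypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const valid = nodeCrypto.verify('RSA-SHA256', signed, key, fromB64url(parts[2]));
  // Claim checks such as exp or aud are outside the scope of this example.
  return valid ? { ok: true, payload } : { ok: false, reason: 'signature' };
}
```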

Uploading the script

Once you have built your script, log in to the StackPath Portal and navigate to the EdgeEngine tab within your CDN site.

First, create a new script using * as the Path option. This will force the script to be called on every request to your CDN site. Next, copy the script contents from build/bundle.js and paste them into the editor within the control panel.