Validate JWT signature #33
Comments
@dcseifert We should do this by providing Envoy as optional middleware to the Kelon system. Envoy could run as a sidecar or integrated and be configured by Kelon over its API. This would lead to us being able to use the rich Envoy filter set. So here we could use, for example, the JWT verify step for different APIs without having to rebuild essential logic. We should discuss this further. For example, could Envoy be a better web proxy for Kelon? What do you think?
@mkjoerg Sounds like a great idea! I'll start trying this Go library from CoreOS for JWT verification first.
@dcseifert As discussed, running a separate Envoy will not help us here, so that is perfectly fine.
@dcseifert Yes, this would be a great way to configure this. The only thing I would recommend is adding an option to trigger on everything except. Like Istio does it with trigger rules:
triggerRules:
- excludedPaths:
  - prefix: /api...
Details can be seen here: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1/
Description
In order to keep the entire authentication and authorization logic away from the user of Kelon, we need a simple possibility to check the signature of passed JWT tokens. In addition to that, there must be the possibility to specify for each endpoint if it needs authentication or not.
Tasks
Outcome
Kelon unifies the entire auth process and bundles it into one enforcement point
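The two requirements in the description (signature check, per-endpoint opt-out in the "everything except" style suggested in the comments) can be sketched as follows. This is an added example, not Kelon's code and not the CoreOS library mentioned above; it assumes HS256 with a shared secret, and the names `NeedsAuth`, `Verify` and `sigFor` are hypothetical. It goes slightly beyond the thread by normalizing the path before prefix matching.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"path"
	"strings"
)

var b64 = base64.RawURLEncoding

// NeedsAuth: every path needs a token unless it lies under an excluded prefix.
func NeedsAuth(reqPath string, excluded []string) bool {
	clean := path.Clean("/" + reqPath) // "/public/../admin" becomes "/admin"
	for _, p := range excluded {
		if clean == p || strings.HasPrefix(clean, p+"/") {
			return false
		}
	}
	return true
}

// sigFor returns the base64url HMAC-SHA256 signature over "header.payload".
func sigFor(msg string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// Verify pins the algorithm to HS256 (so "none" is refused) and compares in constant time.
func Verify(token string, secret []byte) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return false
	}
	return hmac.Equal([]byte(parts[2]), []byte(sigFor(parts[0]+"."+parts[1], secret)))
}

func main() { // constructed sample token and path
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"alice"}`))
	println(Verify(msg+"."+sigFor(msg, []byte("demo")), []byte("demo")), NeedsAuth("/public/../admin", []string{"/public"}))
}
```

Matching on a segment boundary keeps `/publicity` from being covered by a `/public` exclusion. Claim checks such as expiry are outside what this block shows.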