API Key Feature #897
Comments
@Rajith90 @hasuniea @nuwand @AmaliMatharaarachchi |
We had a discussion on this,
|
[jwtTokenConfig]
selfJwtIssuer=false #to enable the self jwt issuer
selfJwtExpirySeconds=600 #set jwt token expiry time for the issued jwt
header - alg, typ, kid |
Shall we add a new TOML table inside [jwtTokenConfig]?
issuer="https://localhost:9443/oauth2/token"
audience="http://org.wso2.apimgt/gateway"
certificateAlias="wso2apim"
[jwtTokenConfig.jwtIssuer]
enabled = true
validityPeriod = 600 |
@praminda +1 thanks. The conf would look similar to:
[jwtTokenConfig]
issuer="https://localhost:9443/oauth2/token"
audience="http://org.wso2.apimgt/gateway"
certificateAlias="wso2apim"
validateSubscription=false
[jwtTokenConfig.jwtIssuer]
enabled=false
validityPeriod=600
keyStoreAlias="ballerina" |
Custom claim "apiKey" will be added to the jwt to indicate when it is an API key. |
Please find requested changes as below,
|
Describe your problem(s)
Provide STS for API Key issuing. #1094
Provide API Key authentication. #1093
As a developer, I would like to invoke my micro gateway API easily without configuring a key manager.
Describe your solution
Issue simple JWTs in Microgateway. A self-contained JWT token should be issued by microgateway with secured invocations in mind.
How will you implement it
We can use the API Key (application programming interface key) concept to solve this issue.
The API Key is to be used for authenticating the invocation request.
A self-contained JWT token should be issued as the API key by the Microgateway server without communicating with an external Key Manager. This API key would later be used to authenticate the user when invoking an API.
An endpoint secured with basic authentication should be provided to retrieve the API Key.
When invoking with this API Key, API key's sub claim could be used to authenticate the user and validate that the user has the privilege.
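The issue-and-validate flow proposed in this thread, as an added example that is not part of the issue or of the Microgateway code: a self-contained JWT carrying the `apiKey` claim is issued locally and later checked without contacting a key manager. Assumptions: HMAC-SHA256 is swapped in for the keystore-backed signature so the example needs only the standard library, the `apiKey` claim is the boolean `true`, `kid` is set to the `keyStoreAlias` value, and the function names and secret are hypothetical.

```python
import base64, hashlib, hmac, json

# Values taken from the [jwtTokenConfig] snippets on this page.
ISSUER = "https://localhost:9443/oauth2/token"
AUDIENCE = "http://org.wso2.apimgt/gateway"
VALIDITY_PERIOD = 600                # seconds (validityPeriod)
KID = "ballerina"                    # assumption: keyStoreAlias reused as the kid header
SECRET = b"constructed-demo-secret"  # assumption: stands in for the keystore key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_api_key(user: str, now: int) -> str:
    """Issue the API key for `user`, who has already passed basic authentication."""
    header = {"alg": "HS256", "typ": "JWT", "kid": KID}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": user,
              "iat": now, "exp": now + VALIDITY_PERIOD, "apiKey": True}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _sign(signing_input)

def validate_api_key(token: str, now: int) -> str:
    """Return the sub claim of a valid API key; raise ValueError otherwise."""
    try:
        h64, c64, sig = token.split(".")
        header, claims = json.loads(_unb64(h64)), json.loads(_unb64(c64))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm and key id instead of trusting the token's own header.
    if header.get("alg") != "HS256" or header.get("kid") != KID:
        raise ValueError("unexpected alg or kid")
    if not hmac.compare_digest(sig.encode(), _sign(h64 + "." + c64).encode()):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if claims.get("apiKey") is not True:
        raise ValueError("not an API key token")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims["sub"]
```

The returned `sub` value is what the gateway would then use for the privilege check described in the issue.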