Authenticator - JWT

Status
Stability alpha
Distributions contrib
Code Owners @starptech

Description

The JWT auth extension implements a configauth.ServerAuthenticator, to be used in receivers inside the auth settings. The authenticator type has to be set to jwt. The incoming request is expected to have an Authorization header with a value of Bearer <token>. The token is then validated using the configured secret setting. Currently, only HS256 is supported. We enrich the client context field Auth with the claims from the token. You can use this information in a processor like attributesprocessor to filter or enrich the data.

Usage

Simple

extensions:
  jwt:
    # The secret used to validate the token
    secret: "secret"

receivers:
  otlp:
    protocols:
      grpc:
        # Add auth settings to the receiver
        auth:
          authenticator: jwt

processors:

exporters:
  logging:
    logLevel: debug

service:
  # Enable the extension
  extensions: [jwt]
  pipelines:
    traces:
      receivers: [otlp]
      processors: []
      exporters: [logging]

With attributesprocessor

extensions:
  jwt:
    secret: "secret"

receivers:
  otlp:
    protocols:
      grpc:
        auth:
          authenticator: jwt

processors:
  # Extract the project id from the auth context
  attributes/from_auth_context:
    actions:
      - key: project.id
        from_context: auth.project_id
        action: insert

exporters:
  logging:
    logLevel: debug

service:
  extensions: [jwt]
  pipelines:
    traces:
      receivers: [otlp]
      # Apply the processor
      processors: [attributes/from_auth_context]
      exporters: [logging]

Configuration

The following settings are required:

  • secret (string): The secret used to validate the token. You can also use an environment variable ${ENV_VAR_NAME}.
  • attribute (string): The header name to look for auth data. Defaults to authorization.

Client support

OTEL clients can use the WithHeaders option to set the Authorization header.

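client := otlptracehttp.NewClient(
    otlptracehttp.WithEndpoint(endpoint),
    otlptracehttp.WithHeaders(map[string]string{
        // Send a signed JWT (HS256), as described above: "Bearer <token>".
        // The shared secret itself is never sent; it only signs the token.
        "Authorization": "Bearer <token>",
    }),
)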
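
What "validated using the configured secret" involves for an HS256 bearer token, as an added example that is not the extension's code and not part of the original README: it mints a token a client could place in the Authorization header and verifies it with the algorithm pinned to HS256. MintHS256, VerifyBearer, sign and the sample claim value are hypothetical names chosen here (project_id echoes the auth.project_id key in the config above); expiry and other registered claims are not checked.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// sign computes the HS256 MAC over the "header.payload" signing input.
func sign(in string, secret []byte) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(in))
	return h.Sum(nil)
}

// MintHS256 builds a compact token from a JSON claims object (hypothetical helper).
func MintHS256(claimsJSON string, secret []byte) string {
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	return in + "." + b64.EncodeToString(sign(in, secret))
}

// VerifyBearer pins alg to HS256 (so "none" is refused), then checks the MAC.
func VerifyBearer(header string, secret []byte) (map[string]interface{}, error) {
	parts := strings.Split(strings.TrimPrefix(header, "Bearer "), ".")
	if !strings.HasPrefix(header, "Bearer ") || len(parts) != 3 {
		return nil, fmt.Errorf("malformed bearer token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("unsupported or unreadable alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1], secret)) { // constant-time compare
		return nil, fmt.Errorf("signature mismatch")
	}
	var claims map[string]interface{}
	if raw, err = b64.DecodeString(parts[1]); err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

func main() { // constructed sample values, secret as in the example config
	fmt.Println(VerifyBearer("Bearer "+MintHS256(`{"project_id":"demo"}`, []byte("secret")), []byte("secret")))
}
```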