@Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement the revocation support as well, as we already have the backend implementation?

On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <cha...@wso2.com> wrote:

> Hi All,
>
> I'm currently working on developing a new feature to support JWT
> authentication for API Gateway.
> [image: JWT-Auth.jpg]
>
> *Approach*
> The API Authentication Handler will forward the request to OAuth
> Authenticator. Then the OAuth Authenticator will identify whether the token
> is of type OAuth or JWT. If a JWT token is found, the request will be passed
> to the JWT validator, which will be used to verify the token signature and
> populate the Authentication Context information.
>
> A sample payload of JWT token which is used to populate the Authentication
> Context.
>
> {
>   "aud": "http://org.wso2.apimgt/gateway",
>   "sub": "admin@carbon.super",
>   "application": {
>     "owner": "admin",
>     "tier": "Unlimited",
>     "name": "DefaultApplication",
>     "id": 1
>   },
>   "scope": "am_application_scope default",
>   "iss": "https://localhost:9443/oauth2/token",
>   "keytype": "PRODUCTION",
>   "subscribedAPIs": [
>     {
>       "subscriberTenantDomain": "carbon.super",
>       "name": "PizzaShackAPI",
>       "context": "/pizzashack/1.0.0",
>       "publisher": "admin",
>       "version": "1.0.0",
>       "subscriptionTier": "Gold"
>     }
>   ],
>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>   "exp": 1561701126,
>   "iat": 1561697526,
>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
> }
>
> We are hoping to use the same caches used for OAuth tokens to store the
> JWT tokens as well. In that scenario, the payload will be stored as a
> JSONObject in the cache as the value and the key will be the "jti" value
> (Unique identifier of the token) of the token.
>
> The swagger stored in the gateway as a local entry will be used to
> - retrieve the missing information in the payload of JWT token such as
>   "API tier"
> - retrieve scopes bound to the resource for scope validation
>
> The related Git issue can be found here [1]. I would really appreciate any
> feedback. Thank you.
>
> Best regards,
> Chamod.
>
> [1] - https://github.com/wso2/product-apim/issues/5115
>
> --
> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>

--
*Harsha Kumara*
Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: hars...@wso2.coim
Blog: harshcreationz.blogspot.com
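
The validation flow proposed in the thread, together with the revocation check asked about in the reply, as an added example that is not code from the thread or from WSO2. HS256 with a constructed key stands in for the signature algorithm (the thread does not name one), and `revoked_jtis`, the cache entry layout and all function names are assumptions. Each cache entry also stores a digest of the verified token, so a hit on `jti` alone never skips signature verification.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 stands in for the unnamed algorithm
token_cache = {}                  # jti -> (sha256 of token, payload), keyed as proposed
revoked_jtis = set()              # hypothetical feed from the revocation backend

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(payload):
    """Build a constructed HS256 token so the demo runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(payload).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body))}"

def authenticate(token, now=None):
    """Return the JWT payload as authentication context, or raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: use the opaque OAuth token path")
    try:
        header, payload = json.loads(_b64d(parts[0])), json.loads(_b64d(parts[1]))
        signature, alg = _b64d(parts[2]), header["alg"]
        jti, exp = str(payload["jti"]), payload["exp"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed JWT") from exc
    digest = hashlib.sha256(token.encode()).hexdigest()
    cached = token_cache.get(jti)
    if cached is None or cached[0] != digest:
        # Cache miss, or a different token presenting a known jti: verify in full.
        expected = _sign(parts[0] + "." + parts[1])
        if alg != "HS256" or not hmac.compare_digest(signature, expected):
            raise ValueError("bad signature")
        token_cache[jti] = (digest, payload)
    # Revocation and expiry are checked on every request, cached or not.
    if jti in revoked_jtis:
        raise ValueError("token revoked")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    return payload
```
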