@Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement the
revocation support as well as we already have the backend implementation?

On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <cha...@wso2.com> wrote:

> Hi All,
>
> I'm currently working on developing a new feature to support JWT
> authentication for API Gateway.
> [image: JWT-Auth.jpg]
>
> *Approach*
> The API Authentication Handler will forward the request to OAuth
> Authenticator. Then the OAuth Authenticator will identify whether the token
> is of type OAuth or JWT. If a JWT token is found the request will be passed
> to the JWT validator which will be used to verify the token signature and
> populate the Authentication Context information.
>
> A sample payload of JWT token which is used to populate the Authentication
> Context.
>
> {
>   "aud": "http://org.wso2.apimgt/gateway",
>   "sub": "admin@carbon.super",
>   "application": {
>     "owner": "admin",
>     "tier": "Unlimited",
>     "name": "DefaultApplication",
>     "id": 1
>   },
>   "scope": "am_application_scope default",
>   "iss": "https://localhost:9443/oauth2/token",
>   "keytype": "PRODUCTION",
>   "subscribedAPIs": [
>     {
>       "subscriberTenantDomain": "carbon.super",
>       "name": "PizzaShackAPI",
>       "context": "/pizzashack/1.0.0",
>       "publisher": "admin",
>       "version": "1.0.0",
>       "subscriptionTier": "Gold"
>     }
>   ],
>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>   "exp": 1561701126,
>   "iat": 1561697526,
>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
> }
>
> We are hoping to use the same caches used for OAuth tokens to store the
> JWT tokens as well. In that scenario, the payload will be stored as a
> JSONObject in the cache as the value and the key will be the "jti" value
> (Unique identifier of the token) of the token.
>
> The swagger stored in the gateway as a local entry will be used to
>  - retrieve the missing information in the payload of JWT token such as
> "API tier"
>  - retrieve scopes bound to the resource for scope validation
>
> The related Git issue can be found here [1]. I would really appreciate any
> feedback. Thank you.
>
> Best regards,
> Chamod.
>
> [1] - https://github.com/wso2/product-apim/issues/5115
>
> --
> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business
>


-- 

*Harsha Kumara*

Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: hars...@wso2.coim
Blog: harshcreationz.blogspot.com

GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
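Added example, not WSO2 code: a stand-alone sketch of the gateway-side checks the thread describes (OAuth-vs-JWT split, signature and expiry verification, a jti-keyed cache, and subscription plus resource-scope checks). It assumes HS256 with a constructed shared secret so it runs offline, where the real gateway would verify the issuer's signature with the issuer's public key; the revoked-jti set is an assumed stand-in for the backend revocation support asked about above, and the resource scopes are assumed to have been read from the swagger.

```python
import base64, hashlib, hmac, json

# Constructed shared secret so the demo runs offline; a real gateway verifies the
# issuer's signature with the issuer's public key, not a secret it shares.
SECRET = b"demo-gateway-secret"
# Constructed payload in the shape of the sample from the thread.
SAMPLE_CLAIMS = {"sub": "admin@carbon.super", "scope": "am_application_scope default",
                 "subscribedAPIs": [{"context": "/pizzashack/1.0.0", "version": "1.0.0"}],
                 "exp": 1561701126, "iat": 1561697526, "jti": "demo-jti-1"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(claims: dict) -> str:
    """Mint an HS256 token for the demo (the issuer's job, not the gateway's)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def is_jwt(token: str) -> bool:
    """The OAuth-vs-JWT split: three dot-separated segments whose first is a JSON header."""
    parts = token.split(".")
    try:
        return len(parts) == 3 and "alg" in json.loads(_unb64url(parts[0]))
    except (ValueError, TypeError):
        return False  # opaque OAuth reference token: take the OAuth path instead

def validate_jwt(token: str, now: int, revoked_jtis: set, cache: dict) -> dict:
    """Pin the algorithm, verify signature and expiry, honour revocation, cache by jti."""
    head, body, sig = token.split(".")
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if "jti" not in claims or claims["jti"] in revoked_jtis:
        raise ValueError("token has no jti or is revoked")
    cache[claims["jti"]] = claims  # the jti-keyed cache entry the mail describes
    return claims

def check_access(claims: dict, api_context: str, resource_scopes: set) -> bool:
    """Subscription comes from subscribedAPIs; resource scopes come from the swagger."""
    subscribed = any(a.get("context") == api_context for a in claims.get("subscribedAPIs", []))
    return subscribed and resource_scopes <= set(claims.get("scope", "").split())
```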