Hi all,
In microgateway 3.0.2 version we only support jwt tokens issued by a
single issuer. (The current config [1]). But there can be use cases where
microgateways need to support jwts issued by multiple issuers (STS).
So we are planning to support the multiple issuers with jballerina update
of the microgateway. For each new issuer defined in the config,
authentication handler will be registered during the mgw startup and each
token will be validated by each handler until the correct handler is found
for that particular issuer of the token.
We are planning to extend the configuration as below [2].
Ideally the config should look like [3]. But in ballerina right now there
is a limitation in the config API in order to read the array objects from
the toml files.
Please find the github issue [4].
Please share your thoughts about this.

[1] -
[jwtTokenConfig]
issuer="https://localhost:9443/oauth2/token"
audience="http://org.wso2.apimgt/gateway"
certificateAlias="wso2apim"

[2]
[jwtTokenConfig]
issuer="https://localhost:9443/oauth2/token"
audience="http://org.wso2.apimgt/gateway"
certificateAlias="wso2apim"

[jwtTokenConfig1]
issuer="issuer1"
audience="aud1"
certificateAlias="alias1"

[jwtTokenConfig2]
issuer="issuer2"
audience="aud2"
certificateAlias="alias2"

[3]
[[jwtTokenConfig]]
issuer="https://localhost:9443/oauth2/token"
audience="http://org.wso2.apimgt/gateway"
certificateAlias="wso2apim"

[[jwtTokenConfig]]
issuer="issuer1"
audience="aud1"
certificateAlias="alias1"

[[jwtTokenConfig]]
issuer="issuer2"
audience="aud2"
certificateAlias="alias2"

[4] - https://github.com/wso2/product-microgateway/issues/271

Thanks!
Rajith
-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
blog: http://www.rajithr.com
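
The per-issuer handler chain described in this message, sketched in Python as an added example (not code from the microgateway or from the author). HS256 with constructed demo keys stands in for the certificate that certificateAlias would select; `ISSUERS`, `make_handler` and `authenticate` are hypothetical names, and expiry checks are left out.

```python
import base64, hashlib, hmac, json

# Constructed issuer table mirroring config [2]. "key" is an assumption: it
# stands in for the certificate that certificateAlias would look up.
ISSUERS = [
    {"issuer": "issuer1", "audience": "aud1", "key": b"demo-key-1"},
    {"issuer": "issuer2", "audience": "aud2", "key": b"demo-key-2"},
]

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key):
    """Build a constructed HS256 token for the demo."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def make_handler(cfg):
    """One handler per issuer; it accepts only its own issuer, audience and key."""
    def handler(token):
        try:
            head, body, sig = token.split(".")
            header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
            given = unb64url(sig)
        except ValueError:  # wrong part count, bad base64, bad JSON
            return None
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            return None
        # Pin the algorithm and bind the token's issuer to this handler's key.
        if header.get("alg") != "HS256" or claims.get("iss") != cfg["issuer"]:
            return None
        aud = claims.get("aud")
        if cfg["audience"] not in (aud if isinstance(aud, list) else [aud]):
            return None
        want = hmac.new(cfg["key"], f"{head}.{body}".encode(), hashlib.sha256).digest()
        return claims if hmac.compare_digest(want, given) else None
    return handler

HANDLERS = [make_handler(c) for c in ISSUERS]  # registered once at startup

def authenticate(token):
    """Try each handler in turn; the first that accepts wins, otherwise reject."""
    for handler in HANDLERS:
        claims = handler(token)
        if claims is not None:
            return claims
    return None
```

Because each handler checks the `iss` claim before using its key, a token signed with one issuer's key cannot pass as a token from another configured issuer.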
