On Fri, Jun 28, 2019 at 10:43 AM Harsha Kumara <[email protected]> wrote:

> @Chamod Samarajeewa <[email protected]> Are we also going to implement
> revocation support as well, since we already have the backend implementation?
>
> On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <[email protected]> wrote:
>
>> Hi All,
>>
>> I'm currently working on developing a new feature to support JWT
>> authentication for the API Gateway.
>> [image: JWT-Auth.jpg]
>>
>> *Approach*
>> The API Authentication Handler will forward the request to the OAuth
>> Authenticator. The OAuth Authenticator will then identify whether the token
>> is of type OAuth or JWT. If a JWT token is found, the request will be passed
>> to the JWT validator, which will be used to verify the token signature and
>> populate the Authentication Context information.
>>
>> A sample payload of a JWT token which is used to populate the
>> Authentication Context:
>>
>> {
>>   "aud": "http://org.wso2.apimgt/gateway",
>>   "sub": "[email protected]",
>>   "application": {
>>     "owner": "admin",
>>     "tier": "Unlimited",
>>     "name": "DefaultApplication",
>>     "id": 1
>>   },
>>   "scope": "am_application_scope default",
>>   "iss": "https://localhost:9443/oauth2/token",
>>   "keytype": "PRODUCTION",
>>   "subscribedAPIs": [
>>     {
>>       "subscriberTenantDomain": "carbon.super",
>>       "name": "PizzaShackAPI",
>>       "context": "/pizzashack/1.0.0",
>>       "publisher": "admin",
>>       "version": "1.0.0",
>>       "subscriptionTier": "Gold"
>>     }
>>   ],
>>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>>   "exp": 1561701126,
>>   "iat": 1561697526,
>>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
>> }
>>
>> We are hoping to use the same caches used for OAuth tokens to store the
>> JWT tokens as well. In that scenario, the payload will be stored as a
>> JSONObject in the cache as the value, and the key will be the "jti" value
>> (unique identifier of the token) of the token.
>>
>> The swagger stored in the gateway as a local entry will be used to
>> - retrieve the missing information in the payload of the JWT token, such as
>>   "API tier"
>> - retrieve scopes bound to the resource for scope validation
>>
>> The related Git issue can be found here [1]. I would really appreciate
>> any feedback. Thank you.
>>
>> Best regards,
>> Chamod.
>>
>> [1] - https://github.com/wso2/product-apim/issues/5115
>>
>> --
>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>> (m) +94710397382 | Email: [email protected] <[email protected]>
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>>
>
> --
>
> *Harsha Kumara*
>
> Technical Lead, WSO2 Inc.
> Mobile: +94775505618
> Email: [email protected]
> Blog: harshcreationz.blogspot.com
>
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business

--

*Harsha Kumara*

Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: [email protected]
Blog: harshcreationz.blogspot.com

GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
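The validator flow described in the thread (signature check, expiry, a jti-keyed cache shared with OAuth tokens, a revocation check on jti as Harsha asks about, and resource scopes looked up the way the swagger local entry would supply them), as an added Python example that is not the project's code. It assumes an HS256 key, a hard-coded resource-to-scope table standing in for the swagger lookup, and a constructed payload mirroring the sample above; it also rejects tokens whose header names a different algorithm, which the post does not spell out.

```python
import base64, hashlib, hmac, json

# Constructed for this example: the HS256 key, the scope bound to one resource
# (standing in for the swagger local entry) and a payload mirroring the post.
VERIFY_KEY = b"constructed-demo-secret"
RESOURCE_SCOPES = {("/pizzashack/1.0.0", "GET", "/menu"): {"default"}}
SAMPLE_CLAIMS = {
    "sub": "[email protected]", "keytype": "PRODUCTION",
    "application": {"owner": "admin", "tier": "Unlimited", "name": "DefaultApplication", "id": 1},
    "scope": "am_application_scope default", "iss": "https://localhost:9443/oauth2/token",
    "subscribedAPIs": [{"name": "PizzaShackAPI", "context": "/pizzashack/1.0.0",
                        "version": "1.0.0", "subscriptionTier": "Gold"}],
    "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a", "exp": 1561701126, "iat": 1561697526,
    "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d",
}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims):  # constructed helper so the example runs offline
    head = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(VERIFY_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def validate_jwt(token, now, cache, revoked_jtis):
    """Verify signature, expiry and revocation, then cache the payload by jti."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    mac = hmac.new(VERIFY_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["exp"] <= now or claims["jti"] in revoked_jtis:
        raise ValueError("token expired or revoked")
    cache[claims["jti"]] = claims  # same cache as OAuth tokens, keyed by jti
    return claims

def build_auth_context(claims, api_context, verb, resource):
    # Populate the Authentication Context from claims; resource scopes come
    # from the swagger-derived table, tier from the matching subscription entry.
    sub = next(s for s in claims["subscribedAPIs"] if s["context"] == api_context)
    if not RESOURCE_SCOPES[(api_context, verb, resource)] & set(claims["scope"].split()):
        raise PermissionError("token lacks the scope bound to this resource")
    return {"user": claims["sub"], "application": claims["application"]["name"],
            "keyType": claims["keytype"], "tier": sub["subscriptionTier"],
            "consumerKey": claims["consumerKey"]}
```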
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
