Hi Chamod,

On Fri, Jun 28, 2019 at 10:48 AM Chamod Samarajeewa <[email protected]> wrote:

> Hi Harsha,
>
> @Chamod Samarajeewa <[email protected]> Are we also going to implement the
>> revocation support as well as we already have the backend implementation?
>
>
> Yes, we will.
>

I hope we are planning to follow the same real-time and persistent
approach (with etcd) similar to the microgateway for this. Or is there a
different plan?

>
> Best regards.
>
> On Fri, Jun 28, 2019 at 10:44 AM Harsha Kumara <[email protected]> wrote:
>
>> @Chamod Samarajeewa <[email protected]> Are we also going to implement the
>> revocation support as well as we already have the backend implementation?
>>
>> On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> I'm currently working on developing a new feature to support JWT
>>> authentication for API Gateway.
>>> [image: JWT-Auth.jpg]
>>>
>>> *Approach*
>>> The API Authentication Handler will forward the request to OAuth
>>> Authenticator. Then the OAuth Authenticator will identify whether the token
>>> is of type OAuth or JWT. If a JWT token is found the request will be passed
>>> to the JWT validator which will be used to verify the token signature and
>>> populate the Authentication Context information.
>>>
>>> A sample payload of JWT token which is used to populate the
>>> Authentication Context.
>>>
>>> {
>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>   "sub": "[email protected]",
>>>   "application": {
>>>     "owner": "admin",
>>>     "tier": "Unlimited",
>>>     "name": "DefaultApplication",
>>>     "id": 1
>>>   },
>>>   "scope": "am_application_scope default",
>>>   "iss": "https://localhost:9443/oauth2/token",
>>>   "keytype": "PRODUCTION",
>>>   "subscribedAPIs": [
>>>     {
>>>       "subscriberTenantDomain": "carbon.super",
>>>       "name": "PizzaShackAPI",
>>>       "context": "/pizzashack/1.0.0",
>>>       "publisher": "admin",
>>>       "version": "1.0.0",
>>>       "subscriptionTier": "Gold"
>>>     }
>>>   ],
>>>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>>>   "exp": 1561701126,
>>>   "iat": 1561697526,
>>>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
>>> }
>>>
>>> We are hoping to use the same caches used for OAuth tokens to store the
>>> JWT tokens as well. In that scenario, the payload will be stored as a
>>> JSONObject in the cache as the value and the key will be the "jti" value
>>> (Unique identifier of the token) of the token.
>>>
>>> The swagger stored in the gateway as a local entry will be used to
>>>  - retrieve the missing information in the payload of JWT token such as
>>> "API tier"
>>>  - retrieve scopes bound to the resource for scope validation
>>>
>>> The related Git issue can be found here [1]. I would really appreciate
>>> any feedback. Thank you.
>>>
>>> Best regards,
>>> Chamod.
>>>
>>> [1] - https://github.com/wso2/product-apim/issues/5115
>>>
>>> --
>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>>
>>
>>
>> --
>>
>> *Harsha Kumara*
>>
>> Technical Lead, WSO2 Inc.
>> Mobile: +94775505618
>> Email: [email protected]
>> Blog: harshcreationz.blogspot.com
>>
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>>
>
>
> --
> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
> (m) +94710397382 | Email: [email protected] <[email protected]>
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business
>


-- 
Thanks & Regards,

*Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
Mobile : +94772338839 | [email protected]
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
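The validator branch described in the thread (token type test in the OAuth Authenticator, signature check, jti-keyed cache, revocation list, subscription and swagger-scope checks), as an added Python example that is not WSO2 code. It assumes an HS256 shared secret in place of the key manager's RS256 key so it runs offline, and the cache entry is bound to a hash of the exact token so a forged token carrying an already cached jti cannot skip signature verification; the sample payload is the one from the thread with a constructed subject.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: HS256 stands in for the key manager's RS256 key
GATEWAY_AUD = "http://org.wso2.apimgt/gateway"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_demo_jwt(payload: dict) -> str:
    """Constructed issuer: mints an HS256 token so the example runs offline."""
    head = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(payload).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(mac)}"

def is_jwt(token: str) -> bool:
    """OAuth Authenticator's type test: opaque OAuth keys have no '.', a JWS has three segments."""
    return token.count(".") == 2 and all(token.split("."))

def validate_jwt(token, api_context, resource_scopes, cache, revoked, now):
    """JWT validator: returns the Authentication Context dict, or None when any check fails."""
    head, body, sig = token.split(".")
    try:
        claims = json.loads(_unb64url(body))      # parsed, not yet trusted
        raw_sig = _unb64url(sig)
    except ValueError:
        return None
    jti = claims.get("jti")
    token_hash = hashlib.sha256(token.encode()).digest()
    hit = cache.get(jti)
    # a jti-keyed cache must be bound to the exact token, or a forged token could borrow a cached jti
    if hit is None or not hmac.compare_digest(hit[0], token_hash):
        mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, raw_sig):
            return None
        cache[jti] = (token_hash, claims)         # payload cached under its jti, as in the thread
    if jti in revoked or claims.get("exp", 0) <= now or claims.get("aud") != GATEWAY_AUD:
        return None                               # revocation list is the thread's open question
    sub = next((a for a in claims.get("subscribedAPIs", []) if a["context"] == api_context), None)
    if sub is None:
        return None                               # application is not subscribed to this API
    scopes = set(claims.get("scope", "").split())
    if resource_scopes and not scopes & set(resource_scopes):
        return None                               # resource scopes come from the swagger local entry
    return {"user": claims["sub"], "application": claims["application"]["name"],
            "tier": sub["subscriptionTier"], "keyType": claims["keytype"], "scopes": scopes}
```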