Hi Johann,

> How about supporting 3rd party Key Manager generated JWT access tokens?
> Will that work? 'jti' is an optional field as I remember. How would caching
> be impacted in that case?
>

Good that you pointed that out. Then we will have to use the whole token
as the key to the cache entry.

On Fri, Jun 28, 2019 at 11:54 AM Fazlan Nazeem <fazl...@wso2.com> wrote:

> Hi Chamod,
>
> On Fri, Jun 28, 2019 at 10:48 AM Chamod Samarajeewa <cha...@wso2.com>
> wrote:
>
>> Hi Harsha,
>>
>> @Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement the
>>> revocation support as well as we already have the backend implementation?
>>
>>
>> Yes, we will.
>>
>
> I hope we are planning to follow the same real-time and persistent
> approach (with etc) similar to the microgateway for this. Or is there a
> different plan?
>
>>
>> Best regards.
>>
>> On Fri, Jun 28, 2019 at 10:44 AM Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> @Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement
>>> the revocation support as well as we already have the backend
>>> implementation?
>>>
>>> On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <cha...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I'm currently working on developing a new feature to support JWT
>>>> authentication for API Gateway.
>>>> [image: JWT-Auth.jpg]
>>>>
>>>> *Approach*
>>>> The API Authentication Handler will forward the request to OAuth
>>>> Authenticator. Then the OAuth Authenticator will identify whether the token
>>>> is of type OAuth or JWT. If a JWT token is found the request will be passed
>>>> to the JWT validator which will be used to verify the token signature and
>>>> populate the Authentication Context information.
>>>>
>>>> A sample payload of JWT token which is used to populate the
>>>> Authentication Context.
>>>>
>>>> {
>>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>>   "sub": "admin@carbon.super",
>>>>   "application": {
>>>>     "owner": "admin",
>>>>     "tier": "Unlimited",
>>>>     "name": "DefaultApplication",
>>>>     "id": 1
>>>>   },
>>>>   "scope": "am_application_scope default",
>>>>   "iss": "https://localhost:9443/oauth2/token",
>>>>   "keytype": "PRODUCTION",
>>>>   "subscribedAPIs": [
>>>>     {
>>>>       "subscriberTenantDomain": "carbon.super",
>>>>       "name": "PizzaShackAPI",
>>>>       "context": "/pizzashack/1.0.0",
>>>>       "publisher": "admin",
>>>>       "version": "1.0.0",
>>>>       "subscriptionTier": "Gold"
>>>>     }
>>>>   ],
>>>>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>>>>   "exp": 1561701126,
>>>>   "iat": 1561697526,
>>>>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
>>>> }
>>>>
>>>> We are hoping to use the same caches used for OAuth tokens to store the
>>>> JWT tokens as well. In that scenario, the payload will be stored as a
>>>> JSONObject in the cache as the value and the key will be the "jti" value
>>>> (Unique identifier of the token) of the token.
>>>>
>>>> The swagger stored in the gateway as a local entry will be used to
>>>>  - retrieve the missing information in the payload of JWT token such as
>>>> "API tier"
>>>>  - retrieve scopes bound to the resource for scope validation
>>>>
>>>> The related Git issue can be found here [1]. I would really appreciate
>>>> any feedback. Thank you.
>>>>
>>>> Best regards,
>>>> Chamod.
>>>>
>>>> [1] - https://github.com/wso2/product-apim/issues/5115
>>>>
>>>> --
>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>>>> GET INTEGRATION AGILE
>>>> Integration Agility for Digitally Driven Business
>>>>
>>>
>>>
>>> --
>>>
>>> *Harsha Kumara*
>>>
>>> Technical Lead, WSO2 Inc.
>>> Mobile: +94775505618
>>> Email: hars...@wso2.com
>>> Blog: harshcreationz.blogspot.com
>>>
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>>
>>
>>
>> --
>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>>
>
>
> --
> Thanks & Regards,
>
> *Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
> Mobile : +94772338839 | fazl...@wso2.com
>
>
>

-- 
Chamod Samarajeewa | Software Engineer | WSO2 Inc.
(m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
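The flow sketched in the original post (token type detection in the OAuth Authenticator, signature and expiry validation in the JWT validator, a cache keyed by "jti", and the swagger local entry supplying the API tier and resource scopes), together with the whole-token fallback agreed at the top of the thread, as an added self-contained example. This is not code from WSO2 API Manager or from any participant. It assumes HS256 with a constructed key in place of the Key Manager's RS256 certificate, a constructed `SAMPLE_SWAGGER` dict (keys `api_tier`, `resource_scopes`) standing in for the real local-entry format, which the thread does not show, and implements the whole-token fallback as a SHA-256 digest of the token. The sample payload is the one posted in the thread.

```python
import base64
import hashlib
import hmac
import json

# Constructed HS256 key so the example runs offline; a real gateway would verify
# RS256 signatures with the Key Manager's public certificate instead.
EXAMPLE_KEY = b"example-shared-secret-not-for-production"

# Payload from the thread's sample, plus a constructed stand-in for the swagger
# local entry: the API tier missing from the payload and the resource scopes.
SAMPLE_PAYLOAD = {
    "aud": "http://org.wso2.apimgt/gateway", "sub": "admin@carbon.super",
    "application": {"owner": "admin", "tier": "Unlimited", "name": "DefaultApplication", "id": 1},
    "scope": "am_application_scope default", "iss": "https://localhost:9443/oauth2/token",
    "keytype": "PRODUCTION", "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
    "subscribedAPIs": [{"subscriberTenantDomain": "carbon.super", "name": "PizzaShackAPI",
                        "context": "/pizzashack/1.0.0", "publisher": "admin",
                        "version": "1.0.0", "subscriptionTier": "Gold"}],
    "exp": 1561701126, "iat": 1561697526, "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d",
}
SAMPLE_SWAGGER = {"api_tier": "Unlimited",
                  "resource_scopes": {"GET /menu": ["default"], "POST /order": ["order_write"]}}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def is_jwt(token: str) -> bool:
    """OAuth Authenticator step: 3 base64url segments with a JSON 'alg' header = JWT."""
    parts = token.split(".")
    try:
        header = json.loads(_b64url_decode(parts[0])) if len(parts) == 3 else None
    except (ValueError, UnicodeDecodeError):
        return False
    return isinstance(header, dict) and "alg" in header

def mint_example_jwt(payload: dict, key: bytes = EXAMPLE_KEY) -> str:
    # Test-token helper for this example only; minting is the Key Manager's job.
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_jwt(token: str, now: int) -> dict:
    """JWT validator step: pin the algorithm, check the signature, then exp."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(EXAMPLE_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body_b64))
    if not isinstance(payload, dict) or now >= int(payload.get("exp", 0)):
        raise ValueError("token expired or malformed")
    return payload

def cache_key(token: str) -> str:
    """'jti' when present, else the whole-token fallback from the thread, hashed so
    raw bearer tokens never become cache keys."""
    try:
        jti = json.loads(_b64url_decode(token.split(".")[1])).get("jti")
    except (ValueError, IndexError, AttributeError):
        jti = None
    return f"jti:{jti}" if jti else f"tok:{_digest(token)}"

class JwtCache:
    """Keyed like the OAuth token cache; each entry also records the digest of the
    verified token, so another token presenting the same jti gets no cached context."""
    def __init__(self):
        self._entries = {}
    def lookup(self, token: str, now: int):
        entry = self._entries.get(cache_key(token))
        if entry is None or entry["digest"] != _digest(token) or now >= entry["payload"]["exp"]:
            return None
        return entry["payload"]
    def store(self, token: str, payload: dict) -> None:
        self._entries[cache_key(token)] = {"payload": payload, "digest": _digest(token)}

def authenticate(token, now, cache, swagger, api_context, api_version, resource):
    """Authentication Context for a JWT; None for an opaque OAuth token (existing path)."""
    if not is_jwt(token):
        return None
    payload = cache.lookup(token, now)
    if payload is None:
        payload = verify_jwt(token, now)
        cache.store(token, payload)
    sub = next((s for s in payload.get("subscribedAPIs", [])
                if s["context"] == api_context and s["version"] == api_version), None)
    if sub is None:
        raise PermissionError("no subscription for this API")
    required = set(swagger["resource_scopes"].get(resource, []))  # from the swagger local entry
    if required and not required & set(payload.get("scope", "").split()):
        raise PermissionError("token lacks a scope bound to the resource")
    return {"username": payload["sub"], "applicationName": payload["application"]["name"],
            "applicationTier": payload["application"]["tier"], "subscriptionTier": sub["subscriptionTier"],
            "apiTier": swagger["api_tier"], "consumerKey": payload["consumerKey"], "keyType": payload["keytype"]}
```

The one design choice worth calling out is in `JwtCache`: "jti" is read from the payload before the signature has been checked, so the entry records the digest of the token that was actually verified and a lookup only succeeds for that exact token. Without that check a cache hit would short-circuit signature validation for any token that merely claims a cached "jti".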
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
