Hi Johann,

> How about supporting 3rd party Key Manager generated JWT access tokens?
> Will that work? 'jti' is an optional field as I remember. How would caching
> be impacted in that case?

Good that you pointed that out. Then, we will have to use the whole token as
the key to the cache entry.

On Fri, Jun 28, 2019 at 11:54 AM Fazlan Nazeem <fazl...@wso2.com> wrote:

> Hi Chamod,
>
> On Fri, Jun 28, 2019 at 10:48 AM Chamod Samarajeewa <cha...@wso2.com> wrote:
>
>> Hi Harsha,
>>
>>> @Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement the
>>> revocation support as well as we already have the backend implementation?
>>
>> Yes, we will.
>
> I hope we are planning to follow the same real-time and persistent
> approach (with etc) similar to the microgateway for this. Or is there a
> different plan?
>
>> Best regards.
>>
>> On Fri, Jun 28, 2019 at 10:44 AM Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> @Chamod Samarajeewa <cha...@wso2.com> Are we also going to implement
>>> the revocation support as well as we already have the backend
>>> implementation?
>>>
>>> On Fri, Jun 28, 2019 at 10:37 AM Chamod Samarajeewa <cha...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I'm currently working on developing a new feature to support JWT
>>>> authentication for API Gateway.
>>>> [image: JWT-Auth.jpg]
>>>>
>>>> *Approach*
>>>> The API Authentication Handler will forward the request to the OAuth
>>>> Authenticator. Then the OAuth Authenticator will identify whether the token
>>>> is of type OAuth or JWT. If a JWT token is found, the request will be passed
>>>> to the JWT validator, which will be used to verify the token signature and
>>>> populate the Authentication Context information.
>>>>
>>>> A sample payload of a JWT token which is used to populate the
>>>> Authentication Context:
>>>>
>>>> {
>>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>>   "sub": "admin@carbon.super",
>>>>   "application": {
>>>>     "owner": "admin",
>>>>     "tier": "Unlimited",
>>>>     "name": "DefaultApplication",
>>>>     "id": 1
>>>>   },
>>>>   "scope": "am_application_scope default",
>>>>   "iss": "https://localhost:9443/oauth2/token",
>>>>   "keytype": "PRODUCTION",
>>>>   "subscribedAPIs": [
>>>>     {
>>>>       "subscriberTenantDomain": "carbon.super",
>>>>       "name": "PizzaShackAPI",
>>>>       "context": "/pizzashack/1.0.0",
>>>>       "publisher": "admin",
>>>>       "version": "1.0.0",
>>>>       "subscriptionTier": "Gold"
>>>>     }
>>>>   ],
>>>>   "consumerKey": "tRfDHrQNasyVaCVv1Ej4GnR2bD0a",
>>>>   "exp": 1561701126,
>>>>   "iat": 1561697526,
>>>>   "jti": "39d826ca-a56b-4637-b799-sa1ba4bbf24d"
>>>> }
>>>>
>>>> We are hoping to use the same caches used for OAuth tokens to store the
>>>> JWT tokens as well. In that scenario, the payload will be stored as a
>>>> JSONObject in the cache as the value, and the key will be the "jti" value
>>>> (unique identifier of the token) of the token.
>>>>
>>>> The swagger stored in the gateway as a local entry will be used to
>>>> - retrieve the missing information in the payload of the JWT token, such as
>>>>   "API tier"
>>>> - retrieve scopes bound to the resource for scope validation
>>>>
>>>> The related Git issue can be found here [1]. I would really appreciate
>>>> any feedback. Thank you.
>>>>
>>>> Best regards,
>>>> Chamod.
>>>>
>>>> [1] - https://github.com/wso2/product-apim/issues/5115
>>>>
>>>> --
>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>>>> GET INTEGRATION AGILE
>>>> Integration Agility for Digitally Driven Business
>>>
>>> --
>>> *Harsha Kumara*
>>> Technical Lead, WSO2 Inc.
>>> Mobile: +94775505618
>>> Email: hars...@wso2.coim
>>> Blog: harshcreationz.blogspot.com
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>
>> --
>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>
> --
> Thanks & Regards,
> *Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
> Mobile : +94772338839 | fazl...@wso2.com

--
Chamod Samarajeewa | Software Engineer | WSO2 Inc.
(m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
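The validator and cache that the thread describes, as an added example written for this page (not WSO2 code, and not the implementation behind the linked issue): a gateway-side check of a JWT's signature, issuer, expiry and audience, a verification cache keyed on "jti" that falls back to a SHA-256 of the whole compact token when "jti" is absent (the third-party key manager case raised above), and scope validation against the resource scopes a swagger local entry would carry. Everything here is assumed for illustration: the issuers and their secrets, the swagger stand-in API_RESOURCE_SCOPES, and the function names. It signs with HS256 so that it runs on the standard library alone; a real gateway would verify an RS256 signature with the key manager's public key. The one design point the example adds beyond the thread: a cache keyed on "jti" is only safe if a hit is never trusted for a token other than the one that was verified, since "jti" is read from the unverified payload, so each entry also records a digest of the exact token it was built from.

```python
import base64
import hashlib
import hmac
import json

# Constructed: trusted issuers with an HS256 secret each. A real gateway verifies
# RS256 with the key manager's public key (JWKS); HMAC keeps this stdlib-only.
TRUSTED_ISSUERS = {
    "https://localhost:9443/oauth2/token": b"local-key-manager-secret",
    "https://km.example.com/oauth2/token": b"third-party-key-manager-secret",
}
GATEWAY_AUDIENCE = "http://org.wso2.apimgt/gateway"
# Constructed stand-in for the swagger local entry: (context, method, resource) -> scope.
API_RESOURCE_SCOPES = {("/pizzashack/1.0.0", "GET", "/menu"): "default",
                       ("/pizzashack/1.0.0", "POST", "/order"): "order_write"}


class JWTValidationError(Exception):
    pass

def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_token(claims: dict, issuer: str, secret: bytes = None) -> str:
    """Mint an HS256 token (stands in for the key manager); `secret` lets tests forge one."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(dict(claims, iss=issuer)).encode())
    key = TRUSTED_ISSUERS[issuer] if secret is None else secret
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify_token(token: str, now: float) -> dict:
    """Full check: pinned alg, trusted issuer, signature, expiry, audience."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON/UTF-8
        raise JWTValidationError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise JWTValidationError("malformed token")
    if header.get("alg") != "HS256":  # never honour "none" or a swapped alg
        raise JWTValidationError("unsupported alg")
    iss = payload.get("iss")
    if not isinstance(iss, str) or iss not in TRUSTED_ISSUERS:
        raise JWTValidationError("untrusted issuer")
    mac = hmac.new(TRUSTED_ISSUERS[iss], f"{header_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), signature):
        raise JWTValidationError("bad signature")
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        raise JWTValidationError("expired")
    if payload.get("aud") != GATEWAY_AUDIENCE:
        raise JWTValidationError("wrong audience")
    return payload

def cache_key(token: str, payload: dict) -> str:
    """"jti" when present, otherwise a SHA-256 of the whole compact token."""
    jti = payload.get("jti")
    return jti if isinstance(jti, str) and jti else hashlib.sha256(token.encode()).hexdigest()

class TokenCache:
    """Each entry also stores the digest of the exact token that was verified, so a
    different token that merely carries the same jti never matches it."""

    def __init__(self):
        self._entries = {}

    def get(self, key: str, digest: str, now: float):
        e = self._entries.get(key)
        return e["payload"] if e and e["digest"] == digest and e["payload"]["exp"] > now else None

    def put(self, key: str, digest: str, payload: dict) -> None:
        self._entries[key] = {"digest": digest, "payload": payload}

def authenticate(token: str, cache: TokenCache, now: float):
    """Returns (payload, served_from_cache). The unverified payload only yields the
    cache key; nothing in it is trusted until verify_token has run."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    try:
        unverified = json.loads(b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError) as exc:
        raise JWTValidationError("malformed token") from exc
    key = cache_key(token, unverified if isinstance(unverified, dict) else {})
    cached = cache.get(key, digest, now)
    if cached is not None:
        return cached, True
    payload = verify_token(token, now)
    cache.put(key, digest, payload)
    return payload, False

def check_scope(payload: dict, api_context: str, method: str, resource: str) -> bool:
    """Scope validation against the (constructed) swagger resource scopes."""
    required = API_RESOURCE_SCOPES.get((api_context, method, resource))
    return required is None or required in str(payload.get("scope", "")).split()

def rejection_reason(token: str, cache: TokenCache, now: float):
    """Test helper: the validation error message, or None when the token is accepted."""
    try:
        return authenticate(token, cache, now) and None
    except JWTValidationError as exc:
        return str(exc)
```

With the digest bound to the entry, a forged token that reuses a cached "jti" with a different body or signature is a cache miss and goes through full verification, which fails. Keying on "jti" is kept, rather than keying on the digest alone, because the thread also plans revocation support: a revocation event names the "jti", and an entry keyed on it can be evicted directly, whereas a token without "jti" can only be evicted by its digest. One further point to keep in mind with several key managers: "jti" is only unique per issuer, so a production cache should scope the key by "iss" as well.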
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture