Hi Harsha, Will the token endpoint is default one and provide an option to point to > the key manager in a standard deployment?
Configurations similar to the following are added to micro-gw.conf file to enable the self JWT issuer and to provide related configurations [1]. [jwtTokenConfig]issuer="https://localhost:9443/oauth2/token"audience="http://org.wso2.apimgt/gateway"certificateAlias="wso2apim"validateSubscription=false [jwtTokenConfig.jwtIssuer]enabled=falsevalidityPeriod=600keyStoreAlias="ballerina" > What's the endpoint that we going to provide and how the request would > look like to get a key? The token endpoint would issue the self JWT token when JWT issuer is enabled in the config [2]. curl -X get "https://localhost:9096/token"; -H "Authorization:Basic Z2VuZXJhbFVzZXIxOnBhc3N3b3Jk" -k [1] https://github.com/wso2/product-microgateway/issues/897#issuecomment-561996404 [2] https://github.com/wso2/product-microgateway/issues/897#issuecomment-562422055 On Fri, Dec 6, 2019 at 3:03 PM Amali Matharaarachchi <[email protected]> wrote: > Hi all, > There is a Slack Discussion[1] in #microgateway channel as well. > > [1] https://wso2-apim.slack.com/archives/CLY1W0NSK/p1575007973020900 > <https://www.google.com/url?q=https://wso2-apim.slack.com/archives/CLY1W0NSK/p1575007973020900&sa=D&source=hangouts&ust=1575710969667000&usg=AFQjCNGG0eIVN13izofrh7vcvPxPyP-NYA> > > On Fri, Dec 6, 2019 at 2:48 PM Harsha Kumara <[email protected]> wrote: > >> Please discuss this in public groups. >> >> What's the endpoint that we going to provide and how the request would >> look like to get a key? >> >> Will the token endpoint is default one and provide an option to point to >> the key manager in a standard deployment? >> >> >> On Fri, Dec 6, 2019 at 2:31 PM Amali Matharaarachchi <[email protected]> >> wrote: >> >>> Hi all, >>> >>> We are planning to add a feature for issuing simple JWTs which are to be >>> used in Microgateway. Please refer GitHub issue [1] for more information. >>> >>> This feature addresses the user story "As a developer, I would like to >>> invoke my micro gateway API easily without configuring a key manager". A >>> self-contained JWT token should be issued as the API key by the >>> Microgateway server without communicating with an external Key >>> Manager. This API key would later use to authenticate the user when >>> invoking an API. >>> >>> A token endpoint secured with basic authentication would be provided to >>> issue the API Key. When invoked with this API Key, API key's sub claim >>> could be used to authenticate the user and validate that the user has the >>> privilege. >>> >>> JWT token format would be similar to: >>> header >>> { >>> "alg": "RS256", >>> "typ": "jwt", >>> "kid": "ballerina" >>> } >>> payload >>> { >>> "sub": "generalUser1", >>> "iss": "https://localhost:9443/oauth2/token";, >>> "exp": 1575620540, >>> "iat": 1575619940, >>> "jti": "bb38e533-e127-4991-95a2-7a383e634eba", >>> "aud": "http://org.wso2.apimgt/gateway";, >>> "apiKey": true >>> } >>> >>> We highly appreciate your suggestions. Thank you. >>> >>> [1] https://github.com/wso2/product-microgateway/issues/897 >>> -- >>> *Amali Lakshika* >>> >>> >>> >>> >>> *Software EngineerWSO2 Inc.: https://wso2.com >>> <http://wso2.com/>lean.enterprise.middle-waremobile: **+94 71 932 1861* >>> >>> *skype: amali.94d* >>> >>> <http://wso2.com/signature> >>> >>> >> >> >> -- >> >> *Harsha Kumara* >> >> Technical Lead, WSO2 Inc. >> Mobile: +94775505618 >> Email: [email protected] >> Blog: harshcreationz.blogspot.com >> >> GET INTEGRATION AGILE >> Integration Agility for Digitally Driven Business >> > > > -- > *Amali Lakshika* > > > > > *Software EngineerWSO2 Inc.: https://wso2.com > <http://wso2.com/>lean.enterprise.middle-waremobile: **+94 71 932 1861* > > *skype: amali.94d* > > <http://wso2.com/signature> > > -- *Amali Lakshika* *Software EngineerWSO2 Inc.: https://wso2.com <http://wso2.com/>lean.enterprise.middle-waremobile: **+94 71 932 1861* *skype: amali.94d* <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
