Hi all,

We need to differentiate the API Key from a normal JWT token. The API Key
is a simple JWT but when an API Key is provided we need to authenticate the
user as well.
For this purpose, we added the additional claim "apiKey" to the issuing
JWT. If it is present in the token, it will be recognized as an API Key.
I would highly appreciate it if you have any suggestions regarding this.

Thanks.

On Fri, Dec 6, 2019 at 3:54 PM Amali Matharaarachchi <ama...@wso2.com>
wrote:

> Hi Harsha,
>
>> Will the token endpoint be the default one and provide an option to point to
>> the key manager in a standard deployment?
>
>
> Configurations similar to the following are added to micro-gw.conf file to
> enable the self JWT issuer and to provide related configurations [1].
>
> [jwtTokenConfig]
> issuer="https://localhost:9443/oauth2/token"
> audience="http://org.wso2.apimgt/gateway"
> certificateAlias="wso2apim"
> validateSubscription=false
>
> [jwtTokenConfig.jwtIssuer]
> enabled=false
> validityPeriod=600
> keyStoreAlias="ballerina"
>
>
>
>> What's the endpoint that we are going to provide and how the request would
>> look like to get a key?
>
>
> The token endpoint would issue the self JWT token when JWT issuer is
> enabled in the config [2].
>
> curl -X GET "https://localhost:9096/token" \
>   -H "Authorization: Basic Z2VuZXJhbFVzZXIxOnBhc3N3b3Jk" -k
>
> [1]
> https://github.com/wso2/product-microgateway/issues/897#issuecomment-561996404
> [2]
> https://github.com/wso2/product-microgateway/issues/897#issuecomment-562422055
>
> On Fri, Dec 6, 2019 at 3:03 PM Amali Matharaarachchi <ama...@wso2.com>
> wrote:
>
>> Hi all,
>> There is a Slack Discussion[1] in #microgateway channel as well.
>>
>> [1] https://wso2-apim.slack.com/archives/CLY1W0NSK/p1575007973020900
>>
>> On Fri, Dec 6, 2019 at 2:48 PM Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> Please discuss this in public groups.
>>>
>>> What's the endpoint that we are going to provide and how the request would
>>> look like to get a key?
>>>
>>> Will the token endpoint be the default one and provide an option to point to
>>> the key manager in a standard deployment?
>>>
>>>
>>> On Fri, Dec 6, 2019 at 2:31 PM Amali Matharaarachchi <ama...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> We are planning to add a feature for issuing simple JWTs which are to
>>>> be used in Microgateway. Please refer to GitHub issue [1] for more
>>>> information.
>>>>
>>>> This feature addresses the user story "As a developer, I would like to
>>>> invoke my micro gateway API easily without configuring a key manager". A
>>>> self-contained JWT token should be issued as the API key by the
>>>> Microgateway server without communicating with an external Key
>>>> Manager. This API key would later be used to authenticate the user when
>>>> invoking an API.
>>>>
>>>> A token endpoint secured with basic authentication would be provided to
>>>> issue the API Key. When invoked with this API Key, the API key's sub claim
>>>> could be used to authenticate the user and validate that the user has the
>>>> privilege.
>>>>
>>>> JWT token format would be similar to:
>>>> header
>>>> {
>>>>   "alg": "RS256",
>>>>   "typ": "jwt",
>>>>   "kid": "ballerina"
>>>> }
>>>> payload
>>>> {
>>>>   "sub": "generalUser1",
>>>>   "iss": "https://localhost:9443/oauth2/token",
>>>>   "exp": 1575620540,
>>>>   "iat": 1575619940,
>>>>   "jti": "bb38e533-e127-4991-95a2-7a383e634eba",
>>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>>   "apiKey": true
>>>> }
>>>>
>>>> We highly appreciate your suggestions. Thank you.
>>>>
>>>> [1] https://github.com/wso2/product-microgateway/issues/897
>>>> --
>>>> *Amali Lakshika*
>>>> Software Engineer
>>>> WSO2 Inc.: https://wso2.com
>>>> lean.enterprise.middle-ware
>>>> mobile: +94 71 932 1861
>>>> skype: amali.94d
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Harsha Kumara*
>>>
>>> Technical Lead, WSO2 Inc.
>>> Mobile: +94775505618
>>> Email: hars...@wso2.com
>>> Blog: harshcreationz.blogspot.com
>>>
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>>
>>
>>
>
>


-- 
*Amali Lakshika*
Software Engineer
WSO2 Inc.: https://wso2.com
lean.enterprise.middle-ware
mobile: +94 71 932 1861
skype: amali.94d
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
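
An added sketch, not code from this thread or from the Microgateway project, of the check under discussion: validate the token fully, and only then use the `apiKey` claim to tell an API key from a normal JWT. HS256 with a constructed secret stands in for the RS256 key pair so it runs on the Python standard library; `issue`, `classify` and the strict "boolean true only" reading of the claim are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

# Assumption: HS256 with a constructed secret stands in for the thread's RS256
# key pair so this runs on the standard library; the claim checks are the same.
SECRET = b"constructed-demo-secret"
ISSUER = "https://localhost:9443/oauth2/token"
AUDIENCE = "http://org.wso2.apimgt/gateway"

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(claims):
    """Build a constructed sample token (hypothetical helper, not a real issuer)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "jwt"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def classify(token, now=None):
    """Return ("api_key" | "jwt", sub) for a valid token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, never follow the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head + "." + body), given):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing sub")
    # Only after all checks pass is the claim trusted; require boolean true,
    # so "true" or 1 in a regular JWT does not turn it into an API key.
    return ("api_key" if claims.get("apiKey") is True else "jwt"), claims["sub"]
```
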
