A JWT based authentication api gateway based on Spring Cloud Gateway

This api gateway can be used to provide a central place to authenticate JWT token for all the back-ends services, and if the request is authenticated, this gateway will add 'X-jwt-sub=xxx' in the request http header, then all the backend services can use this customized header to do its own authorization. The 'X-jwt-sub' header value is extracted from the provided JWT token.

This is still under development until the Spring Cloud Gateway 2.0 officially released.

Road Map:

• Support JWT RSA256 and HMAC algorithm. Right now only RSA256 is supported to verify JWT token.
• Support to inject more JWT fields (issuer, expire_at) in the header.
• Support official Spring Cloud Gateway 2.0.
• Change the configuration more easy.
• Support Docker.
• Support Rate Limiter.

Get Started:

• git checkout and run maven install
• modify the application.yaml file example for your needs
• you must provide 2 environment variables: '${jwt.issuer}' and '${jwt.audience}' when launching this app
• then enjoy