hyperioxx / frontman

Frontman is an open-source API gateway written in Go that allows you to manage your microservices and expose them as a single API endpoint. It acts as a reverse proxy and handles requests from clients, routing them to the appropriate backend service.

Home Page: https://frontman-labs.github.io/frontman/

Phase 2 - Implement support for JSON Web Tokens (JWT) authentication

hyperioxx opened this issue · comments

As part of Phase 2, we would like to implement support for JSON Web Tokens (JWT) authentication in Frontman. JWT is a widely used standard for representing claims between two parties. Adding support for JWT authentication would enable users to easily secure their APIs by authenticating and authorising incoming requests.

Proposed Solution:

We propose adding a new middleware in Frontman that would be responsible for validating JWT tokens. The middleware would be configurable with options such as the JWT issuer, audience, and signature verification key.

When a request comes in, the middleware would validate the JWT token in the Authorization header against the configured options. If the token is valid, the middleware would add the user identity and other claims to the request context, allowing downstream handlers to make authorization decisions.

We would also update the documentation to provide guidance on how to generate JWT tokens and how to configure Frontman to validate them.

This feature would add more security to Frontman and make it more versatile for developers to use for their APIs.
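As an added illustration of the validation step the proposal describes (this is example code, not Frontman's own implementation), the checks the middleware would run on the token taken from the Authorization header, with one config instance per backend service as agreed later in the thread. It assumes HS256 with a shared verification secret, which the proposal leaves open (a JWKS-based RSA/EC key would slot into the same structure).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// JWTConfig holds the per-backend-service options the issue proposes.
// HS256 with a shared secret is an assumption made by this example.
type JWTConfig struct {
	Issuer, Audience string
	Key              []byte
}

// Claims is the subset of registered claims checked and stored in the request context.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}
// ValidateJWT pins alg (so "none" is rejected), verifies the HMAC, then checks
// issuer, audience and expiry (now is Unix seconds); claims are decoded only after the MAC passes.
func ValidateJWT(tok string, cfg JWTConfig, now int64) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	var h struct{ Alg string `json:"alg"` }
	if hdr, err := base64.RawURLEncoding.DecodeString(p[0]); err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return nil, errors.New("unsupported alg")
	}
	m := hmac.New(sha256.New, cfg.Key) // tag is computed over "header.payload"
	m.Write([]byte(p[0] + "." + p[1]))
	if sig, err := base64.RawURLEncoding.DecodeString(p[2]); err != nil || !hmac.Equal(sig, m.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if body, err := base64.RawURLEncoding.DecodeString(p[1]); err != nil || json.Unmarshal(body, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if c.Iss != cfg.Issuer || c.Aud != cfg.Audience || now >= c.Exp {
		return nil, errors.New("issuer, audience or expiry check failed")
	}
	return &c, nil
}
```

A middleware wrapper would call ValidateJWT on the bearer token and, on success, store the returned Claims in the request context for downstream handlers.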

commented

Hey, I have recently started working on this. I've got it mostly working, I just have a quick question. Typically I have used a URL to get the JWKS instead of having them in the config. The config would just have the URL to get the keys from, and on initialization the gateway would load the available keys into memory. Do you think this is an acceptable approach?

@nhaydel That's awesome, can't wait to see it! There's one thing to consider: it needs to have the ability to use a different authentication mechanism per endpoint defined.

commented

@hyperioxx ahh, that is something I hadn't considered. I will have to update how the Auth config is provided.

commented

@hyperioxx when you say "per endpoint defined", do you mean per backend service or per endpoint within a backend service?

@nhaydel sorry, I mean backend service :)

#46 has been released with v0.0.14

And a thank you to @nhaydel !!