Comments (9)
eshepelyuk
commented on May 21, 2024
Hello
First of all - thanks for the interest.
The idea looks good, so the question is - are you willing to provide a PR ?
PS: are you using the plugin with OPA ? At my project - we're solving similar challenges by delegating the decesions to OPA. It's much more flexible than relying on Traefik middlewares functionality.
from traefik-jwt-plugin.
alecor191
commented on May 21, 2024
Thanks @eshepelyuk for the fast response. I've not worked with Go yet, so not sure on a timeline I'd be able to contribute, as it would require some ramp-up before being able to provide a PR.
Thanks for the OPA tip! While we investigated OPA, we didn't consider it just yet; our current solution is still very basic, so we're just looking for something very simple to validate JWT tokens.
from traefik-jwt-plugin.
lvijnck
commented on May 21, 2024
@eshepelyuk could you kindly share how you've configured OPA to validate the audience?
P.S. I would be happy to crunch out a PR for this
from traefik-jwt-plugin.
eshepelyuk
commented on May 21, 2024
@eshepelyuk could you kindly share how you've configured OPA to validate the audience?
P.S. I would be happy to crunch out a PR for this
Hello
You should refer to OPA docs for API regarding parsing and verifying JWT tokens.
from traefik-jwt-plugin.
alecor191
commented on May 21, 2024
FWIW my understanding is that the aud claim is defined in RFC 7519, section 4.1.3.
Here an implementation of the aud claim validation in jose, a quite popular library in the JS world: checkAudiencePresence.
Notice how the value of aud can either be a single string or array of string (defined in RFC above and also reflected in the implementation of jose).
from traefik-jwt-plugin.
lvijnck
commented on May 21, 2024
I'm still a little lost on the OPA implementation, is the idea that I should have a running instance of the agent on my cluster, and this plugin offloads it? Or does it have the capability to directly validate the incoming request?
from traefik-jwt-plugin.
eshepelyuk
commented on May 21, 2024
I'm still a little lost on the OPA implementation, is the idea that I should have a running instance of the agent on my cluster, and this plugin offloads it? Or does it have the capability to directly validate the incoming request?
Added a diagram recently that should answer the question.
https://github.com/team-carepay/traefik-jwt-plugin#open-policy-agent
from traefik-jwt-plugin.
majidakbaridh
commented on May 21, 2024
Hi,
Thank you for your great work on this plugin, I tested it for one of my use-cases and it is working fine. However in my case I need to validate JWT token based on audience and when I found this open issue I realized that maybe the plugin can't check it.
I want to make sure my assumption about aud is correct, and also request that is there any chance to add it to this plugin in the future?
from traefik-jwt-plugin.
eshepelyuk
commented on May 21, 2024
Hello
This plugin doesn't support validation of JWT token for aud claim, but you can implement any non-existing custom validation with OPA or you can provide a PR for this particular claim.
from traefik-jwt-plugin.
majidakbaridh
commented on May 21, 2024
Hello,
Please provide some more samples for Gatekeeper in Kubernetes environment. For example how we can use constraints to use with this Plugin?
from traefik-jwt-plugin.
Related Issues (20)
- Supported only with traefik enterprise? HOT 3
- [proposal] Make JWT token optional HOT 6
- Does it check expiration date? HOT 5
- [proposal] Allow to skip request body parsing via config flag HOT 3
- [Proposal] support for reading token from cookie
- [proposal] OPA driven HTTP status code
- Request for collaboration HOT 12
- Accessing maps inside the jwt HOT 1
- [proposal] Deprecate traefik-opa-plugin HOT 4
- missing Authorization header should fail immediately if required HOT 3
- How to verify Alg, Iss and Aud? HOT 4
- How to use simple symetric key HOT 3
- Problem with preflight request HOT 1
- opa response set in the http response to the client when the request isn't allowed HOT 5
- Update the version in the README HOT 1
- traefik returns 403 if OPA is enabled and request body is a json array
- Configurable HTTP headers for OPA requests
- [proposal] Move the plugin into dedicated GitHub org HOT 4
- Difficulty when trying to setup dynamic configuration via `docker-compose.yml` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from traefik-jwt-plugin.