Comments (9)
Hello
First of all - thanks for the interest.
The idea looks good, so the question is - are you willing to provide a PR?
PS: are you using the plugin with OPA? At my project - we're solving similar challenges by delegating the decisions to OPA. It's much more flexible than relying on Traefik middlewares functionality.
from traefik-jwt-plugin.
Thanks @eshepelyuk for the fast response. I've not worked with Go yet, so not sure on a timeline I'd be able to contribute, as it would require some ramp-up before being able to provide a PR.
Thanks for the OPA tip! While we investigated OPA, we didn't consider it just yet; our current solution is still very basic, so we're just looking for something very simple to validate JWT tokens.
from traefik-jwt-plugin.
@eshepelyuk could you kindly share how you've configured OPA to validate the audience?
P.S. I would be happy to crunch out a PR for this
from traefik-jwt-plugin.
> @eshepelyuk could you kindly share how you've configured OPA to validate the audience?
> P.S. I would be happy to crunch out a PR for this
Hello
You should refer to OPA docs for API regarding parsing and verifying JWT tokens.
from traefik-jwt-plugin.
FWIW my understanding is that the `aud` claim is defined in RFC 7519, section 4.1.3.
Here is an implementation of the `aud` claim validation in jose, a quite popular library in the JS world: `checkAudiencePresence`.
Notice how the value of `aud` can either be a single string or an array of strings (defined in the RFC above and also reflected in the implementation of jose).
from traefik-jwt-plugin.
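The string-or-array handling of `aud` described in the comment above, as an added Go example; it is not code from traefik-jwt-plugin or from jose. The names `audience` and `checkAudience` and the sample audience values are made up for illustration, and the payload is assumed to come from a token whose signature has already been verified.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// audience decodes the "aud" claim, which RFC 7519 section 4.1.3 allows to be
// either a single string or an array of strings (hypothetical helper type).
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a)) // fails for numbers, objects, mixed arrays
}

// checkAudience returns nil only if the payload's aud claim names at least one
// expected audience. Assumes the token signature was verified beforehand.
func checkAudience(payload []byte, expected ...string) error {
	var claims struct {
		Aud audience `json:"aud"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return err
	}
	if len(claims.Aud) == 0 {
		return errors.New("aud claim missing")
	}
	for _, got := range claims.Aud {
		for _, want := range expected {
			if got == want {
				return nil
			}
		}
	}
	return fmt.Errorf("aud %v does not include an expected audience", []string(claims.Aud))
}

func main() {
	// Constructed sample payloads, not taken from the issue.
	fmt.Println(checkAudience([]byte(`{"aud":"api.example.test"}`), "api.example.test"))
	fmt.Println(checkAudience([]byte(`{"aud":["other"]}`), "api.example.test"))
}
```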
I'm still a little lost on the OPA implementation, is the idea that I should have a running instance of the agent on my cluster, and this plugin offloads it? Or does it have the capability to directly validate the incoming request?
from traefik-jwt-plugin.
> I'm still a little lost on the OPA implementation, is the idea that I should have a running instance of the agent on my cluster, and this plugin offloads it? Or does it have the capability to directly validate the incoming request?
Added a diagram recently that should answer the question.
https://github.com/team-carepay/traefik-jwt-plugin#open-policy-agent
from traefik-jwt-plugin.
Hi,
Thank you for your great work on this plugin. I tested it for one of my use cases and it is working fine. However, in my case I need to validate the JWT token based on `audience`, and when I found this open issue I realized that maybe the plugin can't check it.
I want to make sure my assumption about `aud` is correct, and also to ask whether there is any chance of adding it to this plugin in the future.
from traefik-jwt-plugin.
Hello
This plugin doesn't support validation of the JWT token for the `aud` claim, but you can implement any non-existing custom validation with OPA or you can provide a PR for this particular claim.
from traefik-jwt-plugin.
Hello,
Please provide some more samples for Gatekeeper in a Kubernetes environment. For example, how can we use constraints with this plugin?
from traefik-jwt-plugin.