-
**As a** cluster operator using NGF
**I want** to block any traffic without a valid JWT on the request
**So that** I can ensure all of my traffic on my authenticated endpoints are authenticated.
### …
-
### Is there an existing request for this feature?
- [X] I have searched the existing issues for this feature request and I know that duplicates will be closed
### Is your feature request related to…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Feature Description
This feature implements backend authentication using JSON Web Tokens (JWT) to securely aut…
-
### Gloo Edge Version
1.14.x (latest stable)
### Kubernetes Version
None
### Describe the bug
If I send "authorization: bearer TOKEN", then I get a Jwt is missing error. You need to send "Authori…
-
### Preflight Checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions
- [X] I have joined the [ZITADEL chat](https://zitadel.com/chat)
### Describe your problem
We…
-
**Expected Behavior**
Currently, if the JWT is having typ as "at+jwt", the token is rejected with message "Failed to authenticate since the JWT was invalid". Spring Security Oauth2 Resource Server …
-
As discussed during IETF 120, I had to deal with customers that used Opaque Token on the public leg of the communication (Client to API) while it might be better to possess a JWT profiled token for th…
-
## Overview/summary
Currently shopify sends [`session-token`](https://shopify.dev/docs/apps/build/authentication-authorization/session-tokens) as part of the authorization header, or in the query sea…
-
The OAuth component should issue pairs of JWT tokens: an API access token that expires and a refresh token for acquiring another pair.
Note that it would be very useful to have non-expiring tokens …
-
Selective-Disclosure enabled credential formats give the inherent mechanism for data minimization.
Therefore, the need to specify the claims that shall be in a credential (done in authorization_det…