AnthonyDeroche / mod_authnz_jwt

An authentication module for Apache httpd using JSON Web Tokens

A little guidance if you may, generating and passing along a JWT? #31

Closed jeremyjpj0916 closed 3 years ago

jeremyjpj0916 commented 5 years ago

@AnthonyDeroche I see you support HS256 symmetric JWT. My use case is that I need to generate a token from a key (the JWT iss or issuer) + secret with a proper exp (say valid 15 minutes into the future or whatever) and then add that token as an Authorization: Bearer header, OR if that is not available then to do like a query parameter ?jwt= before I proxy. Does your lib expose any kind of environment variable or something I can reference in a conf file to access a token this module generates, and then attach it as a Bearer token header when Apache reverse proxies? Also curious if you have thought to add any cache logic so that the same token can be referenced without taking a hit on CPU/crypto every tx request, so the cache lives the life of the token? (Not a big deal if not really, I don't expect the traffic to be so hard hitting that the extra crypto will kill me.)

Thanks in advance if you have any insights, an example conf would be helpful as I am super new to httpd (I usually use nginx)! -Jeremy

AnthonyDeroche commented 5 years ago

There is only the possibility to get the authenticated user in your app, but not the full token (https://github.com/AnthonyDeroche/mod_authnz_jwt#how-to-get-authenticated-user-in-your-apps). It is likely possible to expose the token in another header with Apache rules.

There is no cache; the computing time is really fast, even faster if you are using elliptic curve instead of RSA.
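An added example, not part of the thread and not mod_authnz_jwt code: minting the HS256 token the question describes (an iss claim, exp 15 minutes ahead) outside the module with the Python standard library, verifying it, and reusing one token until shortly before it expires. The issuer name, the secret, the 30-second refresh margin and all function and class names are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

ISSUER = "example-issuer"             # constructed sample value
SECRET = b"constructed-demo-secret"   # constructed; load real secrets from a protected store

def _b64url(data: bytes) -> str:
    # JWTs use unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def mint_hs256(issuer: str, secret: bytes, ttl: int = 900, now=None) -> str:
    """Build a compact HS256 JWT carrying iss, iat and exp claims."""
    now = int(time.time() if now is None else now)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = _b64url(json.dumps({"iss": issuer, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def verify_hs256(token: str, secret: bytes, issuer: str, now=None) -> dict:
    """Check alg, signature, issuer and expiry; raise ValueError on any failure."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        pad = lambda s: s + "=" * (-len(s) % 4)
        header = json.loads(base64.urlsafe_b64decode(pad(header_b64)))
        claims = json.loads(base64.urlsafe_b64decode(pad(claims_b64)))
        sig = base64.urlsafe_b64decode(pad(sig_b64))
        alg, iss, exp = header.get("alg"), claims.get("iss"), claims.get("exp")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if iss != issuer or not isinstance(exp, int) or exp <= now:
        raise ValueError("wrong issuer or expired")
    return claims

class TokenCache:
    """Reuse one token until `margin` seconds before its exp, then re-mint."""
    def __init__(self, issuer, secret, ttl=900, margin=30):
        self.issuer, self.secret, self.ttl, self.margin = issuer, secret, ttl, margin
        self._token, self._exp = None, 0
    def bearer_header(self, now=None) -> str:
        now = int(time.time() if now is None else now)
        if self._token is None or now >= self._exp - self.margin:
            self._token = mint_hs256(self.issuer, self.secret, self.ttl, now)
            self._exp = now + self.ttl
        return "Bearer " + self._token
```

Sending the token in the Authorization header keeps it out of access logs and Referer headers, where a `?jwt=` query parameter would normally end up.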

grzegorzk commented 4 years ago

Hi @jeremyjpj0916, have you ever succeeded in getting access to the generated token when reverse-proxying?