search

BTBurke / caddy-jwt

JWT middleware for the Caddy server
MIT License
113 stars 40 forks source link

Using placeholders for allow directive #45

Open adam-stanek opened 5 years ago

adam-stanek commented 5 years ago

Hello,

I am starting with Caddy and I am trying to use placeholders for the allow directive in the JWT config. I have following testing scenario:

(auth) {
  jwt {
    path /

    # this works
    # allow aud app1.127.0.0.1.nip.io:2015

    # this does not work
    allow aud {host}
  }
}

app1.127.0.0.1.nip.io:2015 {
  tls off
  import auth
  proxy / http://app1:8000
}

app2.127.0.0.1.nip.io:2015 {
  tls off
  import auth
  proxy / http://app2:8000
}

During my fiddling with Caddy I learnt that placeholders are not supported on every directive. Is that the reason for this not working? If so, do you see this as something that can be added to caddy-jwt?

My reason for this is that I have SSO service which I am using to issue the tokens. It is working very well, but I need to prevent JWT token reuse (taking token from app1 and using it for app2). Tokens already contain the claim which I would like to use for validation, but I need to use host name dynamically (the app config is auto-configured from docker in my scenario and I don't have much control over that).

BTBurke commented 5 years ago

Hi Adam,

This plugin currently doesn't support those placeholders. It's an interesting use case though. I'm sure it's possible to add this, but I'd have to look at how to do it. Unfortunately, I don't have a ton of time to work on this right now.

If anyone is reading this and wants to work it, I'm happy to accept a pull request to add this.

On Sat, Apr 27, 2019 at 05:52:46AM -0700, adam-stanek wrote:

Hello,

I am starting with Caddy and I am trying to use placeholders for the allow directive in the JWT config. I have following testing scenario:

(auth) {
  jwt {
    path /

    # this works
    # allow aud app1.127.0.0.1.nip.io:2015

    # this does not work
    allow aud {host}
  }
}

app1.127.0.0.1.nip.io:2015 {
  tls off
  import auth
  proxy / http://app1:8000
}

app2.127.0.0.1.nip.io:2015 {
  tls off
  import auth
  proxy / http://app2:8000
}

During my fiddling with Caddy I learnt that placeholders are not supported on every directive. Is that the reason for this not working? If so, do you see this as something that can be added to caddy-jwt?

My reason for this is that I have SSO service which I am using to issue the tokens. It is working very well, but I need to prevent JWT token reuse (taking token from app1 and using it for app2). Tokens already contain the claim which I would like to use for validation, but I need to use host name dynamically (the app config is auto-configured from docker in my scenario and I don't have much control over that).

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/BTBurke/caddy-jwt/issues/45

adam-stanek commented 5 years ago

Thanks for the quick response and all your work on this project. I am not Go developer myself so I don't think I can help here. But seeing the recent adoption of Go in projects like this I think I should give it a try during some downtime :)