The-OAG-Development-Project / Application-Gateway

OWASP Application Gateway is an HTTP proxy that handles OAuth2 authentication and session management
https://owasp.org/www-project-application-gateway/
Apache License 2.0

Token-Mapping #62

Closed gianlucafrei closed 3 years ago

gianlucafrei commented 3 years ago

Documentation: https://github.com/gianlucafrei/Application-Gateway/wiki/Configuration:-User-Mapping
Deployed Demo: https://oag.azurewebsites.net/echo/

gianlucafrei commented 3 years ago

Sample token with the following settings:

securityProfiles:
  apiforspa:
    csrfProtection: samesite-strict-cookie
    userMapping:
      type: "jwt-mapping"
      settings:
        headerName: "Authorization"
        headerPrefix: "Bearer "
        audience: "<<route-url>>"
        issuer: "<<hostUri>>"
        tokenLifetimeSeconds: 30
        signatureImplementation: "hmac"
        signatureSettings:
          secretKey: deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
          keyId: Sample Key
        mappings:
          provider:       <session.provider>
          email_verified: <mappings.email_verified>
          email:          <mappings.email>
          proxy:          "OWASP Application Gateway"
          picture:        <mappings.picture>
          sessionId:      <session.id>

{
  "kid": "Sample Key",
  "typ": "JWT",
  "alg": "HS256"
}.{
  "sub": "115386631462932515897",
  "email_verified": "true",
  "iss": "https://oag.azurewebsites.net",
  "sessionId": "481f0c54c5190223",
  "picture": "https://lh3.googleusercontent.com/a-/AOh14Gh-B4gbJynYi-BTfyQ6113tkCpNhbdAJ2WZrnHC=s96-c",
  "aud": "https://nellydemoapp.azurewebsites.net",
  "proxy": "OWASP Application Gateway",
  "nbf": 1616329569,
  "provider": "google",
  "exp": 1616329599,
  "iat": 1616329569,
  "jti": "dacd6ca710bf44ae",
  "email": "gian-luca.frei@owasp.org"
}.[Signature]
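As an added example (not code from the issue thread and not OAG's own implementation), the Python below plays both sides of the configuration above: the gateway side resolves the `mappings` table against a session and the upstream provider claims, adds `iss`/`aud`/`iat`/`nbf`/`exp`/`jti`, and signs the result with HS256 under the configured `kid`; the backend side then verifies a presented token the way a service behind this profile should, pinning the algorithm and key id, checking the signature in constant time, and rejecting a token minted for a different route (`aud`), from a different issuer, or outside its 30-second window. Two assumptions are made because the page does not state them: the hex `secretKey` is decoded to raw bytes before use as the HMAC key, and `sub` is copied from the upstream identity stored in the session. The session, provider claims and timestamps are constructed sample data, not real user data.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Settings mirroring the securityProfiles.apiforspa.userMapping block in the issue.
# Assumption (not stated on the page): the hex secretKey is decoded to raw bytes for HMAC.
SECRET_KEY = bytes.fromhex("deadbeef" * 8)
KEY_ID = "Sample Key"
ISSUER = "https://oag.azurewebsites.net"             # <<hostUri>>
AUDIENCE = "https://nellydemoapp.azurewebsites.net"  # <<route-url>>
TOKEN_LIFETIME_SECONDS = 30

CLAIM_MAPPINGS = {
    "provider": "<session.provider>",
    "email_verified": "<mappings.email_verified>",
    "email": "<mappings.email>",
    "proxy": "OWASP Application Gateway",
    "picture": "<mappings.picture>",
    "sessionId": "<session.id>",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def resolve_mapping(template: str, session: dict, mappings: dict):
    """'<session.x>' and '<mappings.x>' placeholders are looked up; anything else is a literal."""
    if template.startswith("<session.") and template.endswith(">"):
        return session[template[len("<session."):-1]]
    if template.startswith("<mappings.") and template.endswith(">"):
        return mappings[template[len("<mappings."):-1]]
    return template


def issue_token(session: dict, mappings: dict, now: int) -> str:
    """Gateway side: build the claim set from the mapping table and sign it with HS256."""
    claims = {name: resolve_mapping(tpl, session, mappings) for name, tpl in CLAIM_MAPPINGS.items()}
    claims.update({
        "sub": session["sub"],  # assumption: sub is copied from the upstream identity in the session
        "iss": ISSUER,
        "aud": AUDIENCE,
        "iat": now,
        "nbf": now,
        "exp": now + TOKEN_LIFETIME_SECONDS,
        "jti": secrets.token_hex(8),
    })
    header = {"kid": KEY_ID, "typ": "JWT", "alg": "HS256"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token: str, now: int, audience: str = AUDIENCE, leeway: int = 0) -> dict:
    """Backend side: accept only an HS256 token under the expected kid, issuer, audience and time window."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm and key id; the token's own header must never choose how it is verified.
    if header.get("alg") != "HS256" or header.get("kid") != KEY_ID:
        raise ValueError("unexpected alg or kid")
    expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")  # a token minted for another route is not valid here
    if now < claims.get("nbf", 0) - leeway:
        raise ValueError("token not yet valid")
    if "exp" not in claims or now >= claims["exp"] + leeway:
        raise ValueError("token expired")  # a missing exp fails closed
    return claims


def accepts(token: str, now: int, audience: str = AUDIENCE) -> bool:
    """True if the backend would accept the token (base64/JSON errors are ValueError subclasses)."""
    try:
        verify_token(token, now, audience)
        return True
    except ValueError:
        return False


# Constructed sample session and provider claims (not real user data).
SAMPLE_SESSION = {"id": "481f0c54c5190223", "provider": "google", "sub": "115386631462932515897"}
SAMPLE_MAPPINGS = {"email": "alice@example.org", "email_verified": "true",
                   "picture": "https://example.org/alice.png"}

if __name__ == "__main__":
    now = 1616329569
    token = issue_token(SAMPLE_SESSION, SAMPLE_MAPPINGS, now)
    print(json.dumps(verify_token(token, now=now + 5), indent=2))
    for label, kwargs in [("expired", {"now": now + 31}),
                          ("other route", {"now": now + 5, "audience": "https://other.example"})]:
        try:
            verify_token(token, **kwargs)
        except ValueError as err:
            print(f"{label}: rejected ({err})")
```

The short lifetime in the config only protects the backend if the backend actually checks `exp` and `aud`; a service that trusts the `email` claim without verifying the signature, or that accepts the token's own `alg` value, gets none of the benefit of the gateway signing it.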