Tutorial Request: JWT Service Accounts - Githubissues

go-aah / aah

A secure, flexible, rapid Go web framework

https://aahframework.org

MIT License

691 stars 33 forks source link

Tutorial Request: JWT Service Accounts #164

Closed moos3 closed 6 years ago

moos3 commented 6 years ago

It would be great to see how you would implement JWT tokens for service accounts. This would be a great addition to the rest api jwt tutorial.

jeevatkm commented 6 years ago

@moos3 Thank you for your suggestion. Yes, I agree. Will create a tutorial for that.

moos3 commented 6 years ago

👍 Can't wait :) I have been playing with this and using static passwords in my connecting services :) Another great thing to add to that would be payload signing.

jeevatkm commented 6 years ago

@moos3 I have finished the v0.11.0 development, currently working on documentation and example updates. Expected to be released on 1st week of July.

I would like to clarify few things:

JWT service accounts - do you meant OAuth 2.0 JWT flow?
v0.11.0 release brings OAuth 2.0 (3-legged flow) built-in with simple configuration.
Could you provide details for payload signing?
- Then I would think on generalizing the solution in the aah

moos3 commented 6 years ago

Yeah, I was thinking about authorization/authentication between microservices. OAuth with custom services.

jeevatkm commented 6 years ago

@moos3 Okay, I believe you have OAuth2 Server at your end or using some cloud service.

With OAuth2 auth scheme (coming in v0.11.0 release) you could do service to service auth 😄

jeevatkm commented 6 years ago

@moos3 Please try v0.11.0 release and share your feedback.

jeevatkm commented 6 years ago

I'm closing it. Please let me know.