hyperioxx / frontman

Frontman is an open-source API gateway written in Go that allows you to manage your microservices and expose them as a single API endpoint. It acts as a reverse proxy and handles requests from clients, routing them to the appropriate backend service.
https://frontman-labs.github.io/frontman/
GNU General Public License v3.0

Phase 2 - Implement support for JSON Web Tokens (JWT) authentication #18

Closed hyperioxx closed 1 year ago

hyperioxx commented 1 year ago

As part of Phase 2, we would like to implement support for JSON Web Tokens (JWT) authentication in Frontman. JWT is a widely used standard for representing claims between two parties. Adding support for JWT authentication would enable users to easily secure their APIs by authenticating and authorising incoming requests.

Proposed Solution:

We propose adding a new middleware in Frontman that would be responsible for validating JWT tokens. The middleware would be configurable with options such as the JWT issuer, audience, and signature verification key.

When a request comes in, the middleware would validate the JWT token in the Authorization header against the configured options. If the token is valid, the middleware would add the user identity and other claims to the request context, allowing downstream handlers to make authorization decisions.

We would also update the documentation to provide guidance on how to generate JWT tokens and how to configure Frontman to validate them.

This feature would add more security to Frontman and make it more versatile for developers to use for their APIs.

nhaydel commented 1 year ago

Hey, I have recently started working on this. I've got it mostly working, I just have a quick question. Typically I have used a URL to get the JWKS instead of having them in the config. The config would just have the URL to get the keys from, and on initialization the gateway would load the available keys into memory. Do you think this is an acceptable approach?
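As an added illustration of the middleware the issue proposes and of the in-memory key lookup described above, here is a self-contained Go program. It is not Frontman's code and not the contributors' implementation: the names `JWTConfig`, `Claims`, `Verify`, `JWTMiddleware` and `ClaimsFrom`, the issuer `https://idp.example`, the audience `orders` and the key id `key-1` are all assumptions, and `SignRS256` stands in for an identity provider so the sample runs offline. The `Keys` map is what the gateway would fill from the JWKS URL at startup; the example takes those keys as given and shows the per-request path: algorithm pinned to RS256, `kid` looked up, signature checked, then issuer, audience and expiry compared against the configured options, and the claims placed in the request context for downstream handlers.

```go
package main

import (
	"context"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// JWTConfig is one backend service's verification policy (a hypothetical shape,
// not Frontman's real config). Keys is indexed by "kid"; in the design discussed
// in the thread it would be filled from the JWKS URL when the gateway starts.
type JWTConfig struct {
	Issuer, Audience string
	Keys             map[string]*rsa.PublicKey
}

// Claims is the subset of registered claims checked here ("aud" as a string only).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

// Verify checks an RS256 compact token: pinned algorithm, known kid and valid
// signature first, then issuer, audience and expiry against cfg.
func Verify(cfg JWTConfig, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, errH := b64.DecodeString(parts[0])
	payload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil {
		return nil, errors.New("bad base64url segment")
	}
	var hdr struct{ Alg, Kid string }
	// Pin the algorithm: accepting "none" or an HMAC alg would turn the public key into a shared secret.
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" || cfg.Keys[hdr.Kid] == nil {
		return nil, errors.New("bad header, unsupported alg or unknown kid")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(cfg.Keys[hdr.Kid], crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var c Claims // claims are only interpreted after the signature has been verified
	if json.Unmarshal(payload, &c) != nil || c.Iss != cfg.Issuer || c.Aud != cfg.Audience || now.Unix() >= c.Exp {
		return nil, errors.New("bad payload, or issuer, audience or expiry check failed")
	}
	return &c, nil
}

type claimsKey struct{}

// ClaimsFrom returns the claims the middleware stored for downstream handlers.
func ClaimsFrom(ctx context.Context) (*Claims, bool) {
	c, ok := ctx.Value(claimsKey{}).(*Claims)
	return c, ok
}

// JWTMiddleware rejects requests without a valid Bearer token and otherwise
// hands the verified claims to downstream handlers via the request context.
func JWTMiddleware(cfg JWTConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		c, err := Verify(cfg, strings.TrimPrefix(auth, "Bearer "), time.Now())
		if !strings.HasPrefix(auth, "Bearer ") || err != nil { // scheme is required even for a good token
			http.Error(w, "invalid or missing bearer token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, c)))
	})
}

// SignRS256 mints a token the way an identity provider would; it exists only
// to build constructed sample input for the demo below and the tests.
func SignRS256(priv *rsa.PrivateKey, kid string, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	signing := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signing + "." + b64.EncodeToString(sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key pair for the demo
	cfg := JWTConfig{Issuer: "https://idp.example", Audience: "orders", Keys: map[string]*rsa.PublicKey{"key-1": &priv.PublicKey}}
	tok := SignRS256(priv, "key-1", Claims{Iss: cfg.Issuer, Sub: "alice", Aud: cfg.Audience, Exp: time.Now().Add(time.Hour).Unix()})
	fmt.Println(Verify(cfg, tok, time.Now()))
}
```

Because the policy is a plain `JWTConfig` value, selecting a different mechanism per backend service (the point raised later in the thread) amounts to wrapping each service's proxy handler with its own middleware instance rather than one gateway-wide check. Two details worth keeping in any real implementation: the `alg` header is compared against the configured algorithm rather than trusted, and the payload is only parsed after the signature has been verified.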

hyperioxx commented 1 year ago

@nhaydel That's awesome, can't wait to see it! There's one thing to consider: it needs to have the ability to use a different authentication mechanism per endpoint defined.

nhaydel commented 1 year ago

@hyperioxx ahh, that is something I hadn't considered. I will have to update how the Auth config is provided.

nhaydel commented 1 year ago

> @nhaydel That's awesome, can't wait to see it! There's one thing to consider: it needs to have the ability to use a different authentication mechanism per endpoint defined.

@hyperioxx when you say per endpoint defined do you mean per backend service or per endpoint within a backend service?

hyperioxx commented 1 year ago

@nhaydel sorry, I mean backend service :)

hyperioxx commented 1 year ago

46 has been released with v0.0.14

And a thank you to @nhaydel !!