motiv-labs / janus

An API Gateway written in Go
https://hellofresh.gitbooks.io/janus
MIT License

Does this support centralized authentication using Google OAuth? #319

Closed sivabudh closed 6 years ago

sivabudh commented 6 years ago

Just want to check about this specific feature. None of the other well-known API gateways has this feature.

italolelis commented 6 years ago

@sivabudh what exactly do you mean by centralized authentication? You mean SSO? If yes, then sure, you can use Janus with the introspection OAuth configuration that will point to Google OAuth endpoints. This way Janus will always check if the provided token is still valid.

One example is this OAuth server configuration that we use for GitHub SSO.

{
    "name": "github-auth",
    "oauth_endpoints": {
        "authorize": {
            "listen_path": "/auth/github/authorize",
            "upstreams": {
                "balancing": "roundrobin",
                "targets": [{"target": "https://github.com/login/oauth/authorize"}]
            },
            "methods": [
                "ALL"
            ]
        },
        "token": {
            "listen_path": "/auth/github/token",
            "upstreams": {
                "balancing": "roundrobin",
                "targets": [{"target": "https://github.com/login/oauth/access_token"}]
            },
            "methods": [
                "GET",
                "POST"
            ]
        },
        "introspect": {
            "listen_path": "/auth/github/introspect",
            "upstreams": {
                "balancing": "roundrobin",
                "targets": [{"target": "https://api.github.com/user"}]
            },
            "methods": ["GET"]
        }
    },
    "secrets": {
        "<your-client-id>": "<your-client-secret>"
    },
    "cors_meta": {
        "enabled": true,
        "domains": ["*"],
        "methods": [
            "GET",
            "POST",
            "PUT",
            "PATCH",
            "DELETE",
            "OPTIONS"
        ],
        "request_headers": [
            "Origin",
            "Authorization",
            "Content-Type"
        ]
    },
    "token_strategy": {
        "name": "introspection",
        "settings": {
            "auth_header_type": "token",
            "use_auth_header": true
        }
    }
}

Please let me know if this answers your question.
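
An added sketch, not Janus's own code and not part of the original comment, of what an introspection check like the one described above amounts to: the caller's token is forwarded to the introspect target in an `Authorization: token <value>` header and the request is allowed only if the provider confirms it. The names `Introspector`, `fakeProvider` and `Check`, the token values, and the rule that only a 200 counts as valid are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Introspector carries the introspect target and auth_header_type from the config.
type Introspector struct{ URL, HeaderType string }
var client = &http.Client{Timeout: 2 * time.Second}

// IsValid sends the token upstream as "<HeaderType> <token>" and accepts only
// HTTP 200. Empty tokens, transport errors and timeouts fail closed.
func (i Introspector) IsValid(token string) bool {
	req, err := http.NewRequest(http.MethodGet, i.URL, nil)
	if err != nil || token == "" {
		return false
	}
	req.Header.Set("Authorization", i.HeaderType+" "+token)
	resp, err := client.Do(req)
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

// fakeProvider is a constructed stand-in for the provider: 200 for one token, else 401.
func fakeProvider(good string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "token "+good {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
}

// Check runs one token through introspection; down=true stops the provider first.
func Check(token string, down bool) bool {
	srv := fakeProvider("constructed-good-token")
	defer srv.Close()
	if down {
		srv.Close()
	}
	return Introspector{srv.URL, "token"}.IsValid(token)
}

func main() { fmt.Println(Check("constructed-good-token", false), Check("revoked", false)) }
```

Because every request triggers a call to the provider, the timeout and the fail-closed error path decide what happens to traffic when the provider is slow or unreachable.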

sivabudh commented 6 years ago

Thanks for your response.