NGINX Plus: Local JWT Validation

[mpstefan]

As a cluster operator using NGF I want to block any traffic without a valid JWT on the request So that I can ensure all of my traffic on my authenticated endpoints are authenticated.

Background

As our first pass at authentication and authorization, we want to provide a first-class mechanism to validate JSON Web Tokens using a local key. This is a high use feature especially for larger organizations using NGINX Plus, to be immediately followed by OpenID Connect support for remote key retrieval.

Not included in this epic:

• JWT Authorization - validating specific fields or scopes within a JWT
• OpenID Connect or remote jwks support

Acceptance Criteria

• NGF users are able to add a filter for HTTPRoutes for JWT authentication specifying a local JWT file
• Any http/https requests that match for the HTTPRoute with enabled JWT authentication are validated against the configured JWT key file and rejected if the JWT fails validation.

[jasonwilliams14]

@mpstefan Might want to break these out into two. one for authentication one for authorization.

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 10 days.

[github-actions[bot]]

This issue was closed because it has been stalled for 10 days with no activity.