opendatacube / datacube-explorer

Web-based exploration of Open Data Cube collections
Apache License 2.0

Pluggable JWT validator for protecting endpoints #539

Closed brunifrancesco closed 7 months ago

brunifrancesco commented 8 months ago

Dears, we're currently using this component to host and deploy a few products and publish them via STAC. I'm wondering if I could add an authentication layer. I'm aware of the fact that these kinds of products do not care about authentication logic, but I'd find it very useful to have it in place inside this component.

Among all the authentication mechanisms, JWT is pretty common and used almost everywhere. I was thinking of a pluggable JWT validator, configured directly on the before_request decorator in blueprints and checking:

Just a validator with a common shared signature key, configured somewhere in the settings of Flask. No login, no logout.

I can implement the feature by myself but I'd like to hear from you first if you have something different in mind.

whatnick commented 8 months ago

You can layer authentication outside the application using authentication on an ingress such as NGINX or others: https://github.com/virtualzone/jwt-auth-proxy. We (CSIRO EASI) typically do this using AWS ALB + Cognito.

brunifrancesco commented 7 months ago

Thanks for getting back to me. Your solution seems correct, but it's a bit overkill for now, since I'd validate the JWT only. I'll think about it. Thanks.