chaos-stream-proxy icon indicating copy to clipboard operation
chaos-stream-proxy copied to clipboard
verified publisher icon Eyevinn

Optional support for protecting endpoint with JWT token and logging

Open birme opened this issue 2 years ago • 0 comments

JWT token endpoint protection

If the service is started with the environment variable JWT_SECRET it should require a JWT token as query-parameter to the endpoint requests (health endpoint excluded).

The JWT-token should include the following payload:

{
  "company": <COMPANY>,
  "email": <EMAIL-TO-PERSON-AT-COMPANY>
}

The JWT-token is signed by the secret specified in the env variable JWT_SECRET and validated on requests. If not valid a "Not Authorized" status code should be returned.

Additional logging

All requests should be logged as a JSON-structure including the information provided in the JWT and endpoint accessed

birme avatar Jun 07 '23 07:06 birme