nginx-gateway-fabric

NGINX Plus: JWT Validation

Open mpstefan opened this issue 2 years ago • 3 comments

As a cluster operator using NGF, I want to block any traffic without a valid JWT on the request, so that I can ensure all of my traffic on my authenticated endpoints is authenticated.

Background

As our first pass at authentication and authorization, we want to provide a first-class mechanism to validate JSON Web Tokens using a local key or from a JWKS endpoint. This is a big API Gateway use case, especially for larger organizations using NGINX Plus, as authentication is most often performed at the "edge" of the application boundary.

Not included in this epic:

  • JWT Authorization - validating specific fields or scopes within a JWT
  • OpenID Connect Support (yet)

Acceptance Criteria

  • NGF users are able to add a filter for HTTPRoutes for JWT authentication specifying either a public key or a JWKS endpoint.
  • Any http/https requests that match for the HTTPRoute with enabled JWT authentication are validated against the configured JWT keys and rejected if the JWT fails validation.

mpstefan, Jul 07 '23 19:07
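For reference, the two key sources named in the issue map onto NGINX Plus's `ngx_http_auth_jwt_module` roughly as follows. This is an added illustration, not configuration from the issue or generated by NGF; the hostnames, file paths, realm names and upstream address are assumptions.

```nginx
# Added illustration; hostnames, paths, realms and the upstream are assumptions.
# Requires NGINX Plus (ngx_http_auth_jwt_module).

upstream app_backend {
    server 10.0.0.10:8080;                       # constructed backend address
}

server {
    listen 443 ssl;
    server_name api.example.com;
    ssl_certificate     /etc/nginx/tls/tls.crt;
    ssl_certificate_key /etc/nginx/tls/tls.key;

    # Case 1: local key material. The file must be a JWK Set (JSON),
    # not a bare PEM public key.
    location /orders {
        auth_jwt          "orders-api";          # realm sent in WWW-Authenticate
        auth_jwt_type     signed;                # accept signed tokens (JWS) only
        auth_jwt_key_file /etc/nginx/jwt/keys.jwks;
        proxy_pass        http://app_backend;
    }

    # Case 2: keys fetched from a JWKS endpoint via an internal subrequest.
    location /invoices {
        auth_jwt             "invoices-api";
        auth_jwt_type        signed;
        auth_jwt_key_request /_jwks;
        auth_jwt_key_cache   1h;                 # avoid one key fetch per request
        proxy_pass           http://app_backend;
    }

    location = /_jwks {
        internal;                                # not reachable by clients
        proxy_pass https://idp.example.com/.well-known/jwks.json;
        proxy_ssl_server_name on;
        proxy_ssl_verify on;                     # authenticate the key source
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

With either location, a request whose bearer token is missing or fails signature or expiry checks is answered with 401 before it reaches the upstream. Verifying the TLS certificate of the JWKS host matters because whoever controls the served key set controls which tokens are accepted.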