Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
This repository was archived by the owner on Aug 7, 2023. It is now read-only.

Symfony bundle help to authenticate request forwarded by Istio sidecar.

License

NotificationsYou must be signed in to change notification settings

php-istio/jwt-authentication-bundle

Repository files navigation

unit testscoding standardscodecovLatest Stable Version

About

The Symfony bundle provides JWT authentication for request forwarded by Istio sidecar.

To use this bundle, make sure your K8S application pod had injected Istio sidecar and configuredRequestAuthentication CRD, if not your applicationIS NOT SECURE.

The main difference between the awesomeLexik JWT Authentication bundleand this bundle is it'sNOT validate JWT token because Istio sidecar had validated before forward request to your application,so that your application don't need to hold public key and double validate JWT token.

Requirements

PHP versions:

  • PHP 8.0

Symfony versions:

  • Symfony 5.3

Installation

composer require php-istio/jwt-authentication-bundle

Configuration

Enablethe authenticator manager setting:

# config/packages/security.yamlsecurity:enable_authenticator_manager:true# ...

Then, configure yourconfig/packages/security.yaml:

security:enable_authenticator_manager:trueaccess_control:     -path:^/roles:IS_AUTHENTICATED_FULLYfirewalls:#...main:stateless:trueistio_jwt_authenticator:rules:          -issuer:issuer_1# Requireduser_identifier_claim:sub#Default is `sub` claimorigin_token_headers:[authorization]#Required at least once of `origin_token_headers`, `origin_token_query_params` or `base64_headers`. Use this option when your Istio JWTRule CRD using `forwardOriginalToken`.origin_token_query_params:[token]#Use this option when your Istio JWTRule CRD using `forwardOriginalToken` and your JWT token in query param.base64_headers:[x-istio-jwt-payload]# Use this option when your Istio JWTRule CRD using `outputPayloadToHeader`.prefix:"Bearer"#Token prefix of origin token passthrough by default blank ("") if not set.

In case your application have multi issuers:

#....main:stateless:trueistio_jwt_authenticator:rules:          -issuer:issuer_1origin_token_headers:[authorization]prefix:"Bearer"          -issuer:issuer_2user_identifier_claim:audbase64_headers:[x-istio-jwt-payload]#....

Usage

#!/bin/bash#Generate mock JWT token forwarded by Istio sidecarpayload='{"issuer":"issuer_1", "sub": "test"}';base64_payload=$(echo -n$payload| base64 -);origin_token=$(echo"header.$base64_payload.signature");#You can test authenticate origin token with curl:curl -H"Authorization: Bearer$origin_token" http://localhost/#Or authenticate base64 payload header:curl -H"X-Istio-JWT-Payload:$base64_payload" http://localhost/

Further readings

Credits

About

Symfony bundle help to authenticate request forwarded by Istio sidecar.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors2

  •  
  •  

Languages

[8]ページ先頭
©2009-2025 Movatter.jp