- Notifications
You must be signed in to change notification settings - Fork0
The library help to extract trusted JWT payload from request forwarded by Istio sidecar.
License
php-istio/jwt-payload-extractor
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This library help to extract trusted JWT payload from request forwarded by Istio Sidecar. It's basedonPSR-7 Server Request Message ensures interoperability with other packages andframeworks.
PHP versions:
- PHP 8.0
First install this library:
composer require php-istio/jwt-payload-extractor
And choice one of PSR-7 implementation package (ex:nyholm/psr7-server):
composer require nyholm/psr7 nyholm/psr7-server
IstioJWTRules part ofRequestAuthentication CRD (Custom Resource Definition) support forward origintoken (forwardOriginalToken option), or just only base64 payload via specify header name(outputPayloadToHeader option), depend on your strategy you need to select method to extract your trusted JWT payload from forwarded request:
- Extract from origin token in header:
<?php$psr17Factory =new \Nyholm\Psr7\Factory\Psr17Factory();$creator =new \Nyholm\Psr7Server\ServerRequestCreator($psr17Factory,// ServerRequestFactory$psr17Factory,// UriFactory$psr17Factory,// UploadedFileFactory$psr17Factory// StreamFactory);$serverRequest =$creator->fromGlobals();$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer.example');$payload =$extractor->extract($serverRequest);if(null !==$payload) {var_dump($payload);}// by default it extract token from `authorization` header with `Bearer ` prefix, you can change it via next args:$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer.example','x-token','yourPrefix');
- Extract origin token in query param:
<?php//......$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer.example','token');$payload =$extractor->extract($serverRequest);//......
- Extract base64 payload in header:
<?php//......$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer.example','x-istio-jwt-payload');$payload =$extractor->extract($serverRequest);//......
- In case your application have many JWT issuers, or many extraction strategies:
<?php//......$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromExtractors( \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer1.example','x-istio-jwt-payload'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer1.example','token'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer2.example','authorization'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer3.example','token'),);$payload =$extractor->extract($serverRequest);//......
This library usesPHPUnit for unit tests:
vendor/bin/phpunit
About
The library help to extract trusted JWT payload from request forwarded by Istio sidecar.
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
Uh oh!
There was an error while loading.Please reload this page.