Skip to content

sanderPostma/traefik-validate-jwt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
cmd
cmd
 
 
vendor
vendor
 
 
.traefik.yml
.traefik.yml
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
middleware.go
middleware.go
 
 
traefik-validate-jwt.iml
traefik-validate-jwt.iml
 
 

Repository files navigation

--- UNDER CONSTRUCTION --- DO NOT USE YET

JWT bearer token validator

Traefik middleware, to authenticate against Azure app registrations. It filters access by tenant id and application/clientid which have to be in the dynamic configuration.
(Similar plugins have role checking, but since any Azure tenant can create its own valid JWT containing any role, this one is using the ids as the filter.)

The open-id configuration is deduced from the idp or idd claims. In the openId configuration it will look up the "jwks_uri" which is then validated against the authentication server. Next the token expiry time is verified and finally the filters are matched from the config to see if the tenant id and application/clientid is allowed into the target service. The request is forwarded if all the criteria match.

About

No description or website provided.

Topics

traefik-plugin

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages