Express Gateway Release 1.5.0 with JWT support
You asked - we listened. That’s what open source projects should be all about. In the latest release of Express Gateway 1.5.0, we’ve included support for JSON Web Tokens (JWT). Let’s go!
What is a JSON Web Token?
JSON Web Token (JWT) support was the most requested feature from the Express Gateway community on Feathub.
A JWT is described as “an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.” This information can be verified and trusted because it is digitally signed.
How do JWTs get signed digitally?
JWTs are signed either with a secret (using the HMAC algorithm) or with a public/private key pair using RSA, a public-key cryptosystem that is widely used for secure data transmission.
A sneak peek at the JWT policy in Express Gateway
The JWT policy can verify requests containing HS256 or RS256 signed JSON Web Tokens (as specified in RFC 7519).
Important: Each of your Consumers will have JWT credentials (public and secret keys) which must be used to sign their JWTs.
A token can then be passed to the Gateway through the Authorization header, in the request’s URI, or even in the body. This policy will either proxy the request to your upstream services if the token’s signature is verified, or discard the request if not.
Additionally, Express Gateway can also verify on some of the registered claims of RFC 7519 (
Get Started with the JWT Policy in Express Gateway
Use command with type jwt. You can also use the Admin API to do the same thing.
policies:
  - jwt

http:
  port: 8790
serviceEndpoints:
  example: # will be referenced in proxy policy
    url: 'http://example.com'
apiEndpoints:
  api:
    path: '/*'
pipelines:
  example-pipeline:
    apiEndpoints: # process all requests matching "api" apiEndpoint
      - api
    policies:
      - jwt:
          - action:
              secretOrPublicKeyFile: '/app/key.pem'
      - proxy:
          - action:
              serviceEndpoint: example # reference to serviceEndpoints section
Express Gateway supports several ways to locate your JSON Web Token in your request.
Check out more documentation right over here.
D is for Demo
We’ve recorded a special demo to help you get started with the JWT support in Express Gateway. Presented by Vincenzo Chianese, Engineer at LunchBadger and maintainer of Express Gateway.
What’s up next? So kind of you to ask! Check out the rest of the project milestones.
We would love your support in making it happen and if you’re interested in becoming a maintainer or contributor, now’s the time!
Hit up Gitter and join the rest of the developer community.
Not quite ready? That’s ok!