{"id":22822492,"url":"https://github.com/gatehill/apiman-plugins-session","last_synced_at":"2025-03-30T23:41:40.735Z","repository":{"id":76112616,"uuid":"51718283","full_name":"gatehill/apiman-plugins-session","owner":"gatehill","description":"Simple web session management plugins for apiman, using JWT and cookies.","archived":false,"fork":false,"pushed_at":"2017-01-29T15:54:11.000Z","size":103,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T02:25:26.719Z","etag":null,"topics":["apiman","jwt","plugin","session-cookie"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gatehill.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-14T22:58:02.000Z","updated_at":"2018-04-21T23:31:06.000Z","dependencies_parsed_at":"2023-07-03T05:49:30.258Z","dependency_job_id":null,"html_url":"https://github.com/gatehill/apiman-plugins-session","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gatehill%2Fapiman-plugins-session","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gatehill%2Fapiman-plugins-session/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gatehill%2Fapiman-plugins-session/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gatehill%2Fapiman-plugins-session/manifest
s","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gatehill","download_url":"https://codeload.github.com/gatehill/apiman-plugins-session/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246395573,"owners_count":20770240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apiman","jwt","plugin","session-cookie"],"created_at":"2024-12-12T16:12:07.752Z","updated_at":"2025-03-30T23:41:40.716Z","avatar_url":"https://github.com/gatehill.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# apiman-plugins-session [![Build Status](https://travis-ci.org/outofcoffee/apiman-plugins-session.svg?branch=master)](https://travis-ci.org/outofcoffee/apiman-plugins-session)\n\nA suite of [apiman](http://apiman.io) plugins providing simple web session management using [JWT](https://jwt.io) and [cookies](https://tools.ietf.org/html/rfc6265).\n\n## Overview\n\nWith these plugins installed in your _apiman_ instance, you can issue, validate and revoke web session cookies.\n\n# Policies\n\nThere are three policies:\n\n* Cookie Issue Policy\n* Cookie Validate Policy\n* Cookie Remove Policy\n\nThe policies are described in more detail below. 
There are many configuration options that allow you to tailor behaviour to your environment.\n\n## Issuing session cookies\n\nAuthentication is delegated to a back-end service, which is expected to provide a [JSON Web Token](https://jwt.io) (JWT) in its response, such as:\n\n    HTTP/1.1 200 OK\n    Content-Type: application/json\n    \n    {\n      \"id_token\": \"your-jwt-here\"\n    }\n\nYou configure the 'Cookie Issue Policy' to look for this token and issue a session cookie.\n\nYou can optionally extract a Claim from the JWT response (for example, 'sub', the subject), which will be added to the request headers of subsequent incoming requests to your back-end services. This allows your services to know which user made the request. If you don't explicitly choose a Claim to extract, the whole JWT will be passed to your back-end service as a header instead.\n\n\u003e Note: The JWT should be signed using the _Signing secret_ set in the plugin configuration.\n\n## Validating session cookies\n\nOnce a session cookie has been issued, the gateway remembers the session until it expires.\n\nOn receipt of an incoming request, the 'Cookie Validate Policy' looks for the presence of the session cookie, then validates the corresponding session. 
If:\n\n  * validation fails, an _HTTP 401 Unauthorized_ response is returned to the caller\n  * validation succeeds, the request is passed on to the back-end API, optionally containing the value of the JWT (or\n  Claim), extracted during the authentication flow\n\nExpiration of the session means the configured timeout period has elapsed and no requests have been received within this\ntime.\n\n## Revoking session cookies\n\nThe 'Cookie Remove Policy' revokes cookies and optionally invalidates the session corresponding to that cookie's value.\n\n# Building\n\nIf you want to compile the policies yourself, use:\n\n    mvn clean install\n    \n...and see the JAR files under the `target` directories.\n\nImporting into your favourite IDE is easy, as long as it supports Maven projects.\n\n## Tests\nIf you want to run unit tests, run:\n\n    mvn clean test\n\n# Recent changes\n\nFor recent changes see the [Changelog](CHANGELOG.md).\n\n# Contributing\n\nPull requests are welcome.\n\n# Author\n\nPete Cornish (outofcoffee@gmail.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgatehill%2Fapiman-plugins-session","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgatehill%2Fapiman-plugins-session","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgatehill%2Fapiman-plugins-session/lists"}