https://github.com/kdhttps/jwt-auth
JWT Token authentication - Kong Plugin
https://github.com/kdhttps/jwt-auth
Last synced: 23 days ago
JSON representation
JWT Token authentication - Kong Plugin
- Host: GitHub
- URL: https://github.com/kdhttps/jwt-auth
- Owner: kdhttps
- License: gpl-3.0
- Created: 2019-09-15T17:32:18.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-09-21T17:20:19.000Z (over 5 years ago)
- Last Synced: 2025-02-05T16:24:31.999Z (3 months ago)
- Language: Lua
- Size: 28.3 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# jwt-auth
JWT Authenticaion plugin for Kong Lua plugin
# Setup
## Clone
Plugin use some third party libs so need to clone repository recursively.
With version 2.13 of Git and later
```
git clone --recurse-submodules [email protected]:3gthtech/jwt-auth.git
```
With version 1.9 of Git up until version 2.12
```
git clone --recursive [email protected]:3gthtech/jwt-auth.git
```
## Kong Configuration
### Take a file from your local clone repo `/third-party` folder.
```
$ sudo cp -R /third-party/lua-resty-lrucache/lib/resty/ /usr/local/share/lua/5.1/resty
$ sudo cp /third-party/lua-resty-lrucache/lib/resty/lrucache.lua /usr/local/share/lua/5.1/resty
$ sudo cp -a /third-party/lua-resty-jwt/lib/resty/. /usr/local/share/lua/5.1/resty
$ sudo cp -a /third-party/lua-resty-hmac/lib/resty/. /usr/local/share/lua/5.1/resty
```
### Install our `jwt-auth` with kong plugin
```
$ sudo cp -R /kong/plugins/jwt-auth /usr/local/share/lua/5.1/kong/plugins
```
Enable plugin by adding plugin name in `/etc/kong/kong.conf`
```
plugins = bundled, jwt-auth
```
`bundled` is for kong default plugins. After adding this name, restart kong `sudo kong restart`.
# Configuration
1. Add service
```
$ curl --fail -sS -X POST --url http://localhost:8001/services/ --header 'content-type: application/json' --data '{"name":"demo-service","url":"http://backend"}'
```
2. Add Route
```
$ curl --fail -i -sS -X POST --url http://localhost:8001/services/demo-service/routes --data 'hosts[]=backend.com'
```
Before add plugin check proxy with your upstream API
```
curl -i -sS -X GET --url http://localhost:8000/v1/user --header 'Host: backend.com'
```
3. Add Plugin
```
$ curl -v -i -sS -X POST --url http://localhost:8001/plugins/ --header 'content-type: application/json;charset=UTF-8' --data '{"config":{"check_jwt_expire":60,"login_endpoint":"/tokens","refresh_token_endpoint":"/tokens","upstream_url":"http://localhost:8081"},"name":"jwt-auth","service":{"id":"dc862e47-4475-4cb0-ac48-9f9d4f1eb869"}}'
```
Schema details
| Title | Description |
|-------|-------------|
| upstream_url | Your upstream service example: `http://localhost:8081` |
| login_endpoint | Authotization endpoint from your upstream service from where you get JWT. Example: `/tokens` |
| refresh_token_endpoint | Refresh token endpoint from your upstream service from where you get new JWT by refresh token. Example: `/tokens` |
| check_jwt_expire | Time in second to check old JWT expire time before it expired. This time in seconds. Default value is 60 seconds. |
# Usage
Request to login_endpoint through kong proxy to upstream service.
```
$ curl -sS -X POST --url http://localhost:8000/tokens --header 'Host: backend.com' --header 'content-type: application/json' --data '{"email":"[email protected]", "password": "admin"}'
```
Get a new token from this and request to access protected resources.
```
curl -i -sS -X GET --url http://localhost:8000/v1/user --header 'Host: backend.com' --header 'Authorization: Bearer '
```
# Test
[Test cases](./t)