https://github.com/sorasful/traefik-jwt-optional-api-validator

Traefik Middleware to check incoming request's Authorization token to see if that's valid or not using an API call. Avoiding duplicating verification code.
https://github.com/sorasful/traefik-jwt-optional-api-validator

jwt traefik traefik-plugin traefik-plugin-catalog

Last synced: 6 months ago
JSON representation

Traefik Middleware to check incoming request's Authorization token to see if that's valid or not using an API call. Avoiding duplicating verification code.

• Host: GitHub
• URL: https://github.com/sorasful/traefik-jwt-optional-api-validator
• Owner: sorasful
• License: mit
• Created: 2023-01-18T17:08:54.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2023-01-28T22:11:17.000Z (over 3 years ago)
• Last Synced: 2026-01-12T14:49:49.360Z (6 months ago)
• Topics: jwt, traefik, traefik-plugin, traefik-plugin-catalog
• Language: Go
• Homepage:
• Size: 24.4 KB
• Stars: 0
• Watchers: 1
• Forks: 1
• Open Issues: 7
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# JWT Middleware API Validator

JWT Middleware API Validator is a middleware plugin for [Traefik](https://github.com/containous/traefik) which verifies a jwt token and adds the payload as injected header to the request

Meaning that if the authorization code is in the request, it will get checked, and if it does, the request will go through.

The way the request is checked is by sending a GET request to a specific endpoint that you can override with `ValidateAPIUrl`. 

If it returns a 200 response, it will go through.

If you want to check that a request is authenticated you'll need to verify that there is a `Authorization` header in your request.

You can also check the header that is injected `ProxyHeaderName`  which is `injectedPayload` by default.

We delete it from the incoming requests, just in case.

This plugin is heavily inspired by : https://github.com/23deg/jwt-middleware 

## Configuration

Start with command

```yaml

command:

  - "--experimental.plugins.traefik-jwt-optional-api-validator.modulename=github.com/sorasful/traefik-jwt-optional-api-validator"

  - "--experimental.plugins.traefik-jwt-optional-api-validator.version=v0.0.14"

```

Activate plugin in your config  

```yaml

http:

  middlewares:

    my-jwt-middleware:

      plugin:

        traefik-jwt-optional-api-validator:

          proxyHeaderName: injectedPayload

          authHeader: Authorization

          headerPrefix: Bearer

          optional: true

          ValidateAPIUrl: http://yourAPI/validate-token

```

Use as docker-compose label  

```yaml

  labels:

        - "traefik.http.routers.my-service.middlewares=my-jwt-middleware@file"

```