Microservice that exposes endpoint for issuing new JWT tokens.
#Issuing a JWT tokens
A client can get a JWT token by accesing the signin endpoint at <jwt-issuer-host:port>/jwt/signin.
The client must send a POST request (content type application/x-www-form-urlencoded - form post)
with the following parameters:
username- the user's usernamepassword- passwordscope- the scope for the request (api:readorapi:write)
An example with curl:
curl -v -X POST -d "username=user&password=p@ss&scope=api:read" "http://jwt.myhost:8080/jwt/signin"
> POST /jwt/signin HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 47
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 47 out of 47 bytes
< HTTP/1.1 201 Created
< Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDMwNTIwNDUsImlhdCI6MTUwMzA1MjAxNSwiaXNzIjoiSm9ybXVuZ2FuZHIgSldUIEF1dGhvcml0eSIsImp0aSI6ImQ4ZWU3NTRkLTc3YzAtNDBlOS1iN2ViLWRiY2Y1ZjVhMDlhZSIsIm5iZiI6MCwib3JnYW5pemF0aW9ucyI6IiIsInJvbGVzIjoidXNlciIsInNjb3BlcyI6ImFwaTpyZWFkIiwic3ViIjoiNTk5NDFjNWQwMDAwMDAwMDAwMDAwMDAwIiwidXNlcklkIjoiNTk5NDFjNWQwMDAwMDAwMDAwMDAwMDAwIiwidXNlcm5hbWUiOiJwYXZsZSJ9.HB7G5LXZgGK0wxLHIndtU_iwlzJP1ptDY2yhR7bADTB7kw0I8pU579QY5cr_tpc1GwTb3iev1pZvpB_XnNHRQonp6JIzeIUAFvZI4-X-fq7S_sfEMQyK12Id6sIr1MoIoFYPmgQGRlh5hJMWNS9UdeQp8qqAMQvEx42qCtrRUI_wQDl48V_Yp_fn_82DWWJZFEJ4FLfKu5l6bkJWpYcj3ChF-OrjP2uMcjMU1s3vUEnn6w9QuEgY1lYLjzMxVjDD0fTknNERrCaXFS25wbZl2WQYq62OcDsU1vjMCf_n3aPxP_He_I4nabJWtdIltoJC6UH-z5AZEUClFJs1sbYKEA
< Date: Fri, 18 Aug 2017 10:26:55 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
The JWT token will be available in the HTTP Response, the value of the Authorization header.
The service is configured using a JSON file with the following structure:
{
"jwt":{ // JWT Configuration
"issuer": "Jormungandr JWT Authority", // The name of the JWT issuer
"signingMethod": "RS512", // Method used for signing (RS256, RS512 etc)
"expiryTime": 30000 // JWT token validity period. The token expires in this many milliseconds after its being generated.
},
"keys": { // Map of keys. Must contain at least "default" and "system".
"default": "./test-keys/rsa_default", // Used for generating and signing the JWT tokens for the clients.
"system": "./test-keys/rsa_system" // Used for JWT token for accesing the User Microservice internally.
},
"microservice": { // Microservice configuration
"name": "jwt-issuer",
"port": 8080,
"virtual_host": "jwt.auth.jormugandr.org",
"hosts": ["localhost", "jwt.auth.jormugandr.org"],
"weight": 10,
"slots": 100
},
"services": { // Map of URLs for the internal services
"user-microservice": "http://kong.gateway:8001/user" // MUST contain URL for the "user-microservice". Set this to the Kogn API Gateway URL for the user microservice.
}
}Default path is /run/secrets/microservice_apps_management_config.json. To change the path set the SERVICE_CONFIG_FILE env var.
For contributing to this repository or its documentation, see the Contributing guidelines.