Custom JWT #828

lublak · 2023-08-16T11:07:21Z

lublak
Aug 16, 2023

Currently i looking for an option to create my own JWT token from another sever.
Its planed to have something like this

{
  "user": "postgresuser"
  "groups": ["postgresgroup1", "postgresgroup2"]
}

Is this possible?

The groups and users exist in the database.
Here it only has to be validated whether the user or his groups have access to the database/table.

Access my_jwt_server -> get a jwt token -> use the jwt token in prest (certificate from the my_jwt_server).

Answered by arxdsilva

Dividing your discussion, here's some important topics about pREST:

We do support 3rd party JWTs, as long as the API knows how to verify it using the PREST_JWT_ALGO and PREST_JWT_KEY envs;
It is also possible to mark a route to be bypassed by the JWT verification using PREST_JWT_WHITELIST;
Currently we do not support other JWT checks, and that does include any users / permissions / groups related to the tables.

We are actively developing pREST and this is a great feature that might be added further in our path, thank you for the suggestion.

Best,
Arthur Silva

arxdsilva · 2023-09-11T13:05:49Z

Dividing your discussion, here's some important topics about pREST:

We do support 3rd party JWTs, as long as the API knows how to verify it using the PREST_JWT_ALGO and PREST_JWT_KEY envs;
It is also possible to mark a route to be bypassed by the JWT verification using PREST_JWT_WHITELIST;
Currently we do not support other JWT checks, and that does include any users / permissions / groups related to the tables.

We are actively developing pREST and this is a great feature that might be added further in our path, thank you for the suggestion.

Best,
Arthur Silva

0 replies