search

Authentication

When configuring your API you can choose between different authentication methods, these are:

  • Basic/Digest Authentication

  • OAuth 2.0

  • JWT

We tried to design Janus in a way that the authentication provider are simple to setup and completely decoupled from the gateway.

Let's add an OAuth2 authentication to our endpoint.

hashtag
1. Configure OAuth2

First of all let's configure our oAuth2 provider. This could be any OAuth2 provider: Google, Facebook, etc... Let's bring a container up with a mocked OAuth2 server:

cd examples/front-proxy-auth
docker-compose up -d auth-service

Lets create a file with the oAuth2 configuration called auth.json:

{
    "name" : "local",
    "oauth_endpoints" : {
        "token" : {
            "listen_path" : "/auth/token",
            "upstreams" : {
            "balancing": "roundrobin",
            "targets": [
                {"target": "http://auth-service1:8080/token"},
                {"target": "http://auth-service2:8080/token"},
            ]
        },
            "strip_path" : true,
            "append_path" : false,
            "methods" : ["POST"]
        }
    },
    "token_strategy" : {
        "name" : "jwt",
        "settings" : [
            {"alg": "HS256", "key" : "secret"}
        ]
    }
}

So, what we've done here?

  1. The first thing is to give a name for the oAuth2 server.

  2. Within oauth_endpoints we setup only one endpoint for this example, which is the token. If you look closely you will see that the oauth_endpoints.token is just a proxy configuration, exactly the same that we used to configure our first endpoint.

  3. We've defined a token_strategy. Here you can choose between jwt or storage, storage means that Janus will be in charge of storing and managing (expiring, refreshing, etc) the tokens once they are returned from your oauth provider. JWT means that Janus will only check for expiration and secret of the tokens, but it wont store them.

    This allows Janus to not go on the auth service on every single request to check the validity of the token.

If you want to check all available configurations for OAuth2 please visit this.

Now lets add this configuration to Janus:

http -v POST localhost:8081/oauth/servers "Authorization:Bearer yourToken" "Content-Type: application/json" < auth.json

curl -X "POST" localhost:8081/oauth/servers -H "Authorization:Bearer yourToken" -H "Content-Type: application/json" -d @auth.json

hashtag
2. Add a plugin for your endpoint

Now that we have an oauth2 available to use, lets add it to our endpoint, just create a file called auth_plugin.json:

http -v PUT localhost:8081/apis/my-endpoint "Authorization:Bearer yourToken" "Content-Type: application/json" < auth_plugin.json

curl -X "PUT" localhost:8081/apis/my-endpoint -H "Authorization:Bearer yourToken" -H "Content-Type: application/json" -d @auth_plugin.json

hashtag
Testing the endpoint

If we make a request to our endpoint, it should fail:

Adding an Authorization field with a wrong token, gives us this:

So, lets get a valid token:

Now if we request with the right token you should be able to go through.

Of course in a real world scenario your auth service would have to check for a client ID and Secret, set an expiration on the token, etc...

PreviousAdd PluginsNextAdding your API - File System

Last updated

Was this helpful?