@asantos2000
Forked from martinheld/KongJwt.md
Last active June 29, 2017 17:46
Short example to use JWT with Kong

JWT Kong Example

  • Get and start Kong and its dependencies

```sh
git clone https://github.com/Mashape/docker-kong.git
cd docker-kong/compose
docker-compose up
```
  • Create the Kong API route

```sh
curl -X POST \
  http://localhost:8001/apis \
  -H 'content-type: multipart/form-data' \
  -F uris=/echo \
  -F upstream_url=https://echo.getpostman.com/get \
  -F strip_uri=true \
  -F name=Echo
```
  • Enable the JWT plugin for the route

```sh
curl -X POST http://localhost:8001/apis/echo/plugins \
    --data "name=jwt" \
    --data "config.secret_is_base64=true"
```
  • Create a Kong consumer

```sh
curl -X POST http://localhost:8001/consumers \
   --data "username=bill"
```
  • Create JWT credentials for the consumer and note the key and secret from the response

```sh
curl -H "Content-Type: application/json" -X POST -d '{}' http://localhost:8001/consumers/bill/jwt
```

Response

```json
{
  "algorithm": "HS256",
  "consumer_id": "d81b558c-b418-46c6-8115-15bc49bd0d1f",
  "created_at": 1498755860000,
  "id": "a4281b9d-9753-4cb9-ac29-23a8d7a872bf",
  "key": "27cc39fd7e044f07804125d2aee75916",
  "secret": "b310087ac80549b7881205b984f9c9b8"
}
```

Header

```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```

Payload

```json
{
  "sub": "1234567890",
  "name": "bill",
  "admin": true,
  "iss": "27cc39fd7e044f07804125d2aee75916"
}
```

The `iss` claim carries the credential `key` returned above; the plugin reads it to look up the consumer whose secret must verify the signature.

Verify Signature

```
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  b310087ac80549b7881205b984f9c9b8   <------ Secret
)
```

The secret is base64-decoded before it is used as the HMAC key (on jwt.io, tick "secret base64 encoded"), because the plugin was enabled with `config.secret_is_base64=true` and decodes the stored secret the same way; a token signed with the raw secret string is rejected.

Encoded token

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6ImJpbGwiLCJhZG1pbiI6dHJ1ZSwiaXNzIjoiMjdjYzM5ZmQ3ZTA0NGYwNzgwNDEyNWQyYWVlNzU5MTYifQ.UcDRwoff74Hh_hJ6ZDCVkrFa1ziNlEiT8WLUbDGnp8E
```
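To make the signing and verification steps above concrete, here is an added Python example (not code from the gist or from Kong) that signs the payload with the credential from the response and then checks it the way the plugin does: look the consumer up by the `iss` claim, base64-decode the stored secret because `secret_is_base64=true`, and compare the HMAC. The header and payload segments it produces are identical to the token above; the `verify` function and the credential table are stand-ins for the plugin's own lookup.

```python
import base64
import hashlib
import hmac
import json

# Credential values copied from the gist's Kong response above.
CREDENTIAL = {"key": "27cc39fd7e044f07804125d2aee75916",
              "secret": "b310087ac80549b7881205b984f9c9b8",
              "algorithm": "HS256"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def hmac_key(credential: dict, secret_is_base64: bool) -> bytes:
    # With config.secret_is_base64=true the plugin base64-decodes the stored
    # secret before using it as the HMAC key, so the signer must do the same.
    secret = credential["secret"]
    return base64.b64decode(secret) if secret_is_base64 else secret.encode()

def sign(payload: dict, credential: dict, secret_is_base64: bool = True) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(hmac_key(credential, secret_is_base64),
                   signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str, credentials_by_key: dict, secret_is_base64: bool = True) -> bool:
    """Stand-in for the plugin: find the consumer via the iss claim, then check the HMAC."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
    except ValueError:  # malformed token or bad base64/JSON
        return False
    cred = credentials_by_key.get(payload.get("iss"))
    # Unknown key, or a header alg that differs from the credential's algorithm
    # (e.g. "none"), is rejected before any signature math is done.
    if cred is None or header.get("alg") != cred["algorithm"]:
        return False
    expected = hmac.new(hmac_key(cred, secret_is_base64),
                        f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(s))
```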

Invoking the service

```sh
curl -X GET \
  'http://localhost:8000/echo?test=123' \
  -H 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6ImJpbGwiLCJhZG1pbiI6dHJ1ZSwiaXNzIjoiMjdjYzM5ZmQ3ZTA0NGYwNzgwNDEyNWQyYWVlNzU5MTYifQ.UcDRwoff74Hh_hJ6ZDCVkrFa1ziNlEiT8WLUbDGnp8E'
```

Result

```json
{
    "args": {
        "test": "123"
    },
    "headers": {
        "host": "postman-echo.com",
        "accept": "*/*",
        "accept-encoding": "gzip, deflate",
        "cache-control": "no-cache",
        "postman-token": "3295eabd-b5d6-4e16-a77f-d832cb829586",
        "referer": "http://localhost:8000/echo?test=123",
        "user-agent": "PostmanRuntime/6.1.6",
        "x-forwarded-port": "443",
        "x-forwarded-proto": "https"
    },
    "url": "https://postman-echo.com/get?test=123"
}
```
