Traefik Ingressroute OIDC and JWT

ingress.yaml

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`app.d.aws.traefiklabs.tech`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: oidc-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls-jwt
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
    # consider having a more precise regular expression to match the JWT token explicitly 
      match: Host(`app.d.aws.traefiklabs.tech`) && HeadersRegexp (`Authorization`, `Bearer*`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: jwt-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: oidc-auth
  namespace: app
spec:
  plugin:
    oidcAuth:
      source: oidcSource
      scopes:
        - openid
      redirectUrl: "/callback"
      session:
        name: "%s-session"
        path: "/"
        secret: powpowpowpowpowpowpowpow
        expiry: 86400
      forwardHeaders:
        X-Traefik-Group: groups
      claims: Contains(`groups`, `admin`)
 
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: jwt-auth
  namespace: app
spec:
  plugin:
    jwtAuth:
      source: jwtSource
      forwardHeaders:
        X-User: id

Where did the jwtAuth plugin come from?

Hey @jacobsandersen, This is part of the Traefik Enterprise, please see the docs for that plugin. If you are interested in Traefik Enterprise don't hesitate to get in touch with Traefik Folks, cc/ @emilevauge