`jwt-auth` is an authentication plugin that needs to work with a `consumer`. Add JWT authentication to a `service` or `route`.

The `consumer` then adds its key to the query string parameter, request header, or cookie to verify its request.

For more information on JWT, refer to JWT.

Name | Requirement | Description |
---|---|---|
key | required | Unique per consumer. If different consumers use the same `key`, a request matching exception occurs. |
secret | optional | Encryption key. If you do not specify it, the value is auto-generated in the background. |
algorithm | optional | Encryption algorithm. Supports `HS256`, `HS384`, `HS512`, `RS256` and `ES256`; `HS256` is the default. |
exp | optional | Token expiry time, in seconds. For example, for 5 minutes set the value to 300 (5 * 60 = 300). |

Create a consumer and set the `jwt-auth` option:

```shell
curl http://127.0.0.1:9080/apisix/admin/consumers -X PUT -d '
{
    "username": "jack",
    "plugins": {
        "jwt-auth": {
            "key": "user-key",
            "secret": "my-secret-key"
        }
    }
}'
```

You can visit the Dashboard at http://127.0.0.1:9080/apisix/dashboard/ and add a Consumer through the web console, then add the `jwt-auth` plugin on the Consumer page.

Add a route and enable the `jwt-auth` plugin:

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '
{
    "methods": ["GET"],
    "uri": "/index.html",
    "plugins": {
        "jwt-auth": {}
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "39.97.63.215:80": 1
        }
    }
}'
```

Get a token from the `jwt-auth` plugin:

```shell
$ curl http://127.0.0.2:9080/apisix/plugin/jwt/sign?key=user-key -i
HTTP/1.1 200 OK
Date: Wed, 24 Jul 2019 10:33:31 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX web server

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2NDA1MDgxMX0.Us8zh_4VjJXF-TmR5f8cif8mBU7SuefPlpxhH0jbPVI
```

Request without a token:

```shell
$ curl http://127.0.0.2:9080/index.html -i
HTTP/1.1 401 Unauthorized
...
{"message":"Missing JWT token in request"}
```

Request with the token in the request header:

```shell
$ curl http://127.0.0.2:9080/index.html -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2NDA1MDgxMX0.Us8zh_4VjJXF-TmR5f8cif8mBU7SuefPlpxhH0jbPVI' -i
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 13175
...
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="cn">
...
```

Request with the token in the query string parameter:

```shell
$ curl http://127.0.0.2:9080/index.html?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2NDA1MDgxMX0.Us8zh_4VjJXF-TmR5f8cif8mBU7SuefPlpxhH0jbPVI -i
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 13175
...
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="cn">
...
```

Request with the token in a cookie:

```shell
$ curl http://127.0.0.2:9080/index.html --cookie jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2NDA1MDgxMX0.Us8zh_4VjJXF-TmR5f8cif8mBU7SuefPlpxhH0jbPVI -i
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 13175
...
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="cn">
...
```

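The checks implied by the attribute table (consumer lookup by `key`, algorithm pinned to the consumer's setting, HMAC with the consumer's `secret`, `exp` in seconds), as an added Python example that is not APISIX's own code and covers only the HS* algorithms. The `CONSUMERS` table and the `sign`/`verify` helpers are hypothetical, and tokens are constructed locally rather than fetched from a gateway.

```python
import base64, hashlib, hmac, json

# Constructed consumer table mirroring the page's example consumer.
# Hypothetical structure for illustration, not APISIX internals.
CONSUMERS = {"user-key": {"secret": b"my-secret-key", "algorithm": "HS256"}}
DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: str, ttl: int, now: int) -> str:
    """Issue a token for a consumer; the payload carries its key and exp."""
    c = CONSUMERS[key]
    head = b64url(json.dumps({"alg": c["algorithm"], "typ": "JWT"}).encode())
    body = b64url(json.dumps({"key": key, "exp": now + ttl}).encode())
    mac = hmac.new(c["secret"], f"{head}.{body}".encode(), DIGESTS[c["algorithm"]])
    return f"{head}.{body}.{b64url(mac.digest())}"

def verify(token: str, now: int) -> dict:
    """Return the claims, or raise ValueError naming the failed check."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        given = unb64url(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:  # bad part count, base64, UTF-8 or JSON
        raise ValueError("malformed token") from exc
    key = claims.get("key")
    consumer = CONSUMERS.get(key) if isinstance(key, str) else None
    if consumer is None:
        raise ValueError("unknown consumer key")
    # Pin the algorithm to the consumer's configured value; the header's
    # "alg" is attacker-controlled and must never select the verifier.
    if header.get("alg") != consumer["algorithm"]:
        raise ValueError("algorithm mismatch")
    digest = DIGESTS[consumer["algorithm"]]
    want = hmac.new(consumer["secret"], f"{head}.{body}".encode(), digest).digest()
    if not hmac.compare_digest(want, given):  # constant-time comparison
        raise ValueError("bad signature")
    # exp is an absolute Unix time in seconds; only trusted after the MAC check.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims
```
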
To disable the `jwt-auth` plugin, delete the corresponding JSON configuration from the plugin configuration. There is no need to restart the service; the change takes effect immediately:

```shell
$ curl http://127.0.0.1:2379/v2/keys/apisix/routes/1 -X PUT -d value='
{
    "methods": ["GET"],
    "uri": "/index.html",
    "id": 1,
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "39.97.63.215:80": 1
        }
    }
}'
```