JWT和KONG具有自定义身份验证 [英] JWT and KONG with custom authrizations

问题描述

我在KONG上阅读了本教程 https://getkong.org/plugins/jwt/

I went through this tutorial on KONG https://getkong.org/plugins/jwt/

我对JWT和授权概念有所了解.我已经用Spring Boot原型化了JWT，可以在其中放置自己的键值，例如{{authorizations:"role_admin，role_user"}.

I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}.

在Spring Boot中很容易做到这一点，但是我找不到有关如何使用KONG进行此操作的信息.有人有任何信息吗?

It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it?

推荐答案

Kong社区版只能处理身份验证过程((允许或拒绝与客户联系).

Kong community edition can handle only the authentication process, (give or deny access to a customer).

授权过程(给定客户可以在您的应用程序中执行的操作)由您的应用程序或

Authorization process (what a given customer can do in your application) is handled by your application or by https://getkong.org/plugins/ee-oauth2-introspection/ oauth2 introspection plugin which is enterprise edition only

如果用户通过身份验证或由kong代理的原始令牌头，则可以基于X-Consumer-Username请求头编写自己的授权服务器

you can write your own authorization server based on X-Consumer-Username request header if user passed authentication or original token header proxied by kong

希望有帮助

这篇关于JWT和KONG具有自定义身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！