I would like to have the following feature. If it is already supported with some configuration, please advise.
-
If the client request comes with Authorization: Bearer <external-jwt-token>, this middleware should just verify the signature and if it is good, passthrough Authorization: Bearer <external-jwt-token> to the upstream service.
-
If the client request does not have Authorization: Bearer <external-jwt-token>, then redirect the user to the configured OAuth provider and extract the claims, then create a new small JWT, then forward Authorization: Bearer <internal-jwt-token> to the upstream service.
I would like to have the following feature. If it is already supported with some configuration, please advise.
If the client request comes with
Authorization: Bearer <external-jwt-token>, this middleware should just verify the signature and if it is good, passthroughAuthorization: Bearer <external-jwt-token>to the upstream service.If the client request does not have
Authorization: Bearer <external-jwt-token>, then redirect the user to the configured OAuth provider and extract the claims, then create a new small JWT, then forwardAuthorization: Bearer <internal-jwt-token>to the upstream service.