Tree Gateway - Authentication
These examples assume that the test gateway is running at 'http://gateway.address.com'.
JWT
JWT Example
```yaml
---
name: MyJWTAuthenticatedAPI
version: 1.0.0
path: jwt/
proxy:
  target:
    host: http://httpbin.org
authentication:
  strategy:
    name: jwt
    options:
      extractFrom:
        authHeader: Bearer
        queryParam: jwt
      secretOrKey: secret
```
This sample makes Tree Gateway check authentication using JWT tokens before proxying the request
to the mapped API (http://httpbin.org).
The token is verified using the key 'secret', and you can provide the token through one of these methods:
- the header 'Authorization' with the 'Bearer' scheme. E.g. curl -H "Authorization: Bearer [TOKEN]" http://gateway.address.com/jwt/get
- the query parameter 'jwt'. E.g. curl "http://gateway.address.com/jwt/get?jwt=[TOKEN]"
Basic
Basic Authentication
```yaml
---
name: MyBasicAuthenticatedAPI
version: 1.0.0
path: basic/
proxy:
  target:
    host: http://httpbin.org
authentication:
  strategy:
    name: basic
    options:
      verify:
        name: verifyMyUser
```
```javascript
"use strict";
// verifyMyUser middleware: receives the userid and password from the
// Basic Authorization header and reports the result through done(err, user).
const User = require('./my-user-service');

module.exports = function (userid, password, done) {
  User.findOne({ username: userid }, function (err, user) {
    if (err) { return done(err); }                              // lookup failed
    if (!user) { return done(null, false); }                     // unknown user
    if (!user.verifyPassword(password)) { return done(null, false); } // bad password
    return done(null, user);                                     // authenticated
  });
};
```
This sample makes Tree Gateway check authentication using the HTTP Basic scheme before proxying the request
to the mapped API (http://httpbin.org).
The verifyMyUser middleware is used to verify the provided username and password.
Authenticate Groups of URIs
Group Example
```yaml
---
name: MyGroupAuthenticatedAPI
version: 1.0.0
path: group/
group:
  - id: secureGroup
    description: Secured endpoints
    member:
      - path:
          - "!/public/**/*"
proxy:
  target:
    host: http://httpbin.org
authentication:
  strategy:
    name: jwt
    options:
      extractFrom:
        authHeader: Bearer
        queryParam: jwt
      secretOrKey: secret
  group: secureGroup
```
This sample configures the same authentication as shown in the JWT example, but
applies it only to a certain group of URIs.
All API requests will be authenticated, except those whose path starts with '/public'.
Example of a URI that will not be authenticated:
curl http://gateway.address.com/group/public/get
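To see which requests the `secureGroup` membership rules actually cover, here is an added example (a hypothetical, simplified matcher; it is not Tree Gateway's own path-matching implementation, whose exact glob semantics the page does not show). It treats `**` as any number of path segments and `*` as one segment, applies `!` as exclusion, and assumes that patterns are matched against the request path relative to the API's `path` (`group/`), which is why `/public/**/*` excludes `http://gateway.address.com/group/public/get`. The `groups` structure passed in is the same shape as the YAML above.

```javascript
// Added example: evaluate group 'member' path patterns to decide whether a
// request needs authentication. Simplified matcher, not Tree Gateway's code.

// Convert one glob into a RegExp: '**' spans directories, '*' stays in one segment.
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === '*') {
      if (glob[i + 1] === '*') {
        re += '.*';
        i++;                                  // consume second '*'
        if (glob[i + 1] === '/') i++;         // '**/' also matches zero segments
      } else {
        re += '[^/]*';
      }
    } else if ('.+?^${}()|[]\\'.includes(c)) {
      re += '\\' + c;                         // escape regex metacharacters
    } else {
      re += c;
    }
  }
  return new RegExp('^' + re + '$');
}

// A path is a member when it matches a positive pattern (or there are none)
// and matches no '!'-prefixed pattern.
function isGroupMember(path, memberPaths) {
  const positives = [];
  const negatives = [];
  for (const p of memberPaths) {
    if (p.startsWith('!')) negatives.push(globToRegExp(p.slice(1)));
    else positives.push(globToRegExp(p));
  }
  const included = positives.length === 0 || positives.some((r) => r.test(path));
  const excluded = negatives.some((r) => r.test(path));
  return included && !excluded;
}

// Decide for a full request URL. Assumption: patterns apply to the path
// relative to the API mount path ('group/'), with the query string ignored.
function requiresAuthentication(apiPath, requestUrl, groups, authGroup) {
  const base = apiPath.replace(/^\/|\/$/g, '');
  const pathname = new URL(requestUrl).pathname;
  const relative = pathname.replace(new RegExp('^/' + base + '(?=/|$)'), '') || '/';
  const group = groups.find((g) => g.id === authGroup);
  if (!group) return true;                    // unknown group: fail closed
  const patterns = group.member.flatMap((m) => m.path || []);
  return isGroupMember(relative, patterns);
}

module.exports = { globToRegExp, isGroupMember, requiresAuthentication };
```

Note that `/public/**/*` requires at least one segment after `/public/`, so a request for exactly `/group/public` (no trailing segment) is still inside the group and gets authenticated under these rules; when an exclusion is meant to cover a prefix in every form, test both the bare and the nested path against the configured pattern.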