JWT and Authorization

hello All,

Does istio 1.0.5 support the use of JWT for authorization purposes between service calls and end-user calls ?

Thank you.
Cheers.

Hello @sethokayba, what are you trying to achieve?

i am trying to apply authorization between service in a mesh ruled by istio, using JWT tokens, is that weird ?

You absolutely can do this.

sethokayba, yes, it’s supported. See examples https://istio.io/docs/concepts/security/#servicerolebinding and https://istio.io/blog/2018/istio-authorization/#using-authenticated-client-identities.

Thank you for your answers.
Cheers.

@liminwang In my JWT I would have a list of groups that the end user is part of, and I would like to check that they are a member of one group in particular, is that possible?

@jammerful This may help https://istio.io/docs/tasks/security/rbac-groups/