JWT and Authorization

sethokayba · March 14, 2019, 2:39pm

hello All,

Does istio 1.0.5 support the use of JWT for authorization purposes between service calls and end-user calls ?

Thank you.
Cheers.

aguromano · March 20, 2019, 12:53pm

Hello @sethokayba, what are you trying to achieve?

sethokayba · March 20, 2019, 1:05pm

i am trying to apply authorization between service in a mesh ruled by istio, using JWT tokens, is that weird ?

theganyo · March 20, 2019, 9:01pm

You absolutely can do this.

liminwang · March 22, 2019, 12:14am

sethokayba, yes, it’s supported. See examples https://istio.io/docs/concepts/security/#servicerolebinding and https://istio.io/blog/2018/istio-authorization/#using-authenticated-client-identities.

sethokayba · June 30, 2019, 6:27pm

Thank you for your answers.
Cheers.

jammerful · July 1, 2019, 7:25pm

@liminwang In my JWT I would have a list of groups that the end user is part of, and I would like to check that they are a member of one group in particular, is that possible?

philliple · July 2, 2019, 9:41pm

@jammerful This may help https://istio.io/docs/tasks/security/rbac-groups/

Topic		Replies	Views
Newbie Question on Authorization and JWT Contributors	2	606	January 20, 2020
Use of JWT Token in service to service authentication Security security	0	460	March 12, 2023
Passing Authorization headers automatically (JWT) between microservices Security	10	9184	March 30, 2023
Role or group based authorization for backend services Security	3	501	June 27, 2019
Can Istio Security Peer Authentication & JWT Authentication Used in Parallel Security	8	1744	July 28, 2020

JWT and Authorization

Related topics