I have been reading the docs for authentication and authorization here.
In short, I am planning on my services handling their own authorization as it relates to internal authorization, i.e., can the user have access to a particular object (content:1234).
What I believe is happening with Istio Security is it handles the following
- It can validate the JWT token before any of my services are hit
- It can authorize that the request is allowed to call the requested service
- I believe I can actually generate the JWT token with Istio
I want to make sure I am right about the above AND ask 2 additional questions
- I was planning on including roles in the token, and that is how my services handle local security as I mentioned above, i.e., can the user access content:1234. Is this possible? How do I do this? Do I connect Istio to some code I write or a microservice I write? Confused about this.
- I assume the JWT token will be on the request, so I should be able to access it within my services behind Istio. Just making sure.
Thank you in advance for any help.