Newbie Question on Authorization and JWT

I have been reading the docs for authentication and authorization here

In short, I am planning on my services handling their own authorization as it relates to internal authorization, i.e. can the user have access to a particular object (content:1234)?

What I believe is happening with Istio Security is it handles the following

  1. It can validate the JWT token before any of my services are hit
  2. It can authorize that the request is allowed to call the requested service
  3. I believe I can actually generate the JWT token with Istio

I want to make sure I am right about the above AND ask 2 additional questions

  1. I was planning on including roles in the token, and that is how my services handle local security as I mentioned above, i.e. can the user access content:1234.
    Is this possible? How do I do this? Do I connect Istio to some code I write or a microservice I write? Confused about this.

  2. I assume the JWT token will be on the request so I should be able to access it within my services behind Istio. Just making sure.

Thank you in advance for any help.

bump? any answers here?

Hi @Jason_Tesser, I think you might have better luck asking this question on the Istio Slack workspace, where the devs are a little more active.