Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → eclipse → Microprofile Jwt Auth

eclipse / Microprofile Jwt Auth

Licence: apache-2.0

Programming Languages

68154 projects - #9 most used programming language

// // Copyright (c) 2016-2020 Contributors to the Eclipse Foundation // // See the NOTICES file(s) distributed with this work for additional // information regarding copyright ownership. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. //

JWT RBAC for MicroProfile

Introduction

Today, the most common solutions involving RESTful and microservices security are based on http://openid.net/connect/[OpenID Connect (OIDC)], https://tools.ietf.org/html/rfc6749[OAuth2] and https://tools.ietf.org/html/rfc7519[JSON Web Token (JWT)] standards.

This specification outlines how the signed JWT tokens issued by OIDC and other trusted providers can be verified and their claims used for Role Based Access Control (RBAC) of microservice endpoints.

Motivation

For RESTful based microservices, security tokens in a JWT format offer a lightweight and interoperable way to propagate identities across different services, where:

Services don’t need to store any state about clients or users
Services can verify and introspect the token locally if it follows a JWT format or remotely with the trusted provider.
Services can identify the caller and verify a given service is indeed an indended audience of the token.
Services can enforce authorization policies based on the information within the token.
Services can use the token for both delegation and impersonation of identities.

Documentation

For links to the latest maven artifacts, Javadoc and specification document, see the link:https://github.com/eclipse/microprofile-jwt-auth/releases/latest[latest release].

Project Links

Continuous Integration

https://ci.eclipse.org/microprofile/job/JWT-Auth-maven-snapshots/[Snapshot Build Jobs]
https://ci.eclipse.org/microprofile/job/MicroProfile%20Releases/[Release Build Jobs]

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 72

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (30) 🔗