NGINX Plus: JWT Validation #835

@mpstefan

Description

As a cluster operator using NGF
I want to block any traffic without a valid JWT on the request
So that I can ensure all of my traffic on my authenticated endpoints is authenticated.

Background

As our first pass at authentication and authorization, we want to provide a first-class mechanism to validate JSON Web Tokens using a local key or from a JWKS endpoint. This is a big API Gateway use case, especially for larger organizations using NGINX Plus, as authentication is most often performed at the "edge" of the application boundary.

Not included in this epic:

  • JWT Authorization - validating specific fields or scopes within a JWT
  • OpenID Connect Support (yet)

Acceptance Criteria

  • NGF users are able to add a filter for HTTPRoutes for JWT authentication specifying either a public key or a JWKS endpoint.
  • Any HTTP/HTTPS requests that match the HTTPRoute with JWT authentication enabled are validated against the configured JWT keys and rejected if the JWT fails validation.
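
For reference, the two key sources named in the acceptance criteria map onto NGINX Plus `ngx_http_auth_jwt_module` directives roughly as follows. This is an added, hand-written example, not configuration generated by NGF and not part of the original issue; the hostnames, addresses, paths and realm names are assumptions.

```nginx
# Added illustration. All names, addresses and paths below are constructed.
upstream backend {
    server 10.0.0.10:8080;
}

server {
    listen 443 ssl;
    server_name api.example.com;
    ssl_certificate     /etc/nginx/tls/api.crt;
    ssl_certificate_key /etc/nginx/tls/api.key;

    # Variant 1: keys from a local file in JWK Set (JSON) format.
    # Requests with a missing or invalid token are answered with 401
    # and never reach the upstream.
    location /orders/ {
        auth_jwt          "orders";   # realm; token taken from "Authorization: Bearer"
        auth_jwt_key_file /etc/nginx/jwt/orders.jwks;
        proxy_pass        http://backend;
    }

    # Variant 2: keys fetched from a JWKS endpoint through a subrequest.
    location /accounts/ {
        auth_jwt             "accounts";
        auth_jwt_key_request /_jwks_uri;
        auth_jwt_key_cache   1h;      # avoid one fetch per request
        proxy_pass           http://backend;
    }

    # Internal-only location that performs the JWKS fetch.
    location = /_jwks_uri {
        internal;
        proxy_pass https://idp.example.com/.well-known/jwks.json;
        # Verify the identity provider's certificate so that a
        # spoofed endpoint cannot supply attacker-chosen keys.
        proxy_ssl_server_name         on;
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/idp-ca.pem;
    }

    # Routes without auth_jwt stay unauthenticated.
    location = /healthz {
        return 200;
    }
}
```

Because `auth_jwt` applies per location, any route that should be protected but lacks the directive is served without a token check, which is the case to test for when the filter is attached per HTTPRoute.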
