Hi, we have a scenario where we need to build a custom plugin which has the following requirement:
1. It needs to accept an access token(JWT) coming as part of the request's authorization header.
2. It needs to make a REST call to a microservice along with the access token and validate the response coming from microservice( similar to Service-callout policy in apigee edge).
Are they any custom plugins which will implement a service callout policy functionality?
@srinandans please give ur suggestion on how to approach the above requirements.
@Dino-at-Google can u help me with the above requirements??
Validating a JWT can be done in-process. You don't need to call out remotely.
In fact there is already an existing plugin that does this - it validates a JWT using a specified JWKS endpoint. It's called extauth.
However, if you wish to call out synchronously to do that validation, I suppose you could do it. You'd want to write your own plugin that uses the request module to call out to a different service, from within the onrequest function.
Consult the plugin source code to get some tips !
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |