JSON Web Token Middleware
This middleware allows you to secure execution of a webtask using JWT tokens by validating issuer, audience, and scope claims.
Usage
-
Set the wt-node-dependencies
metadata property to the stringified JSON of an object with names of modules as the keys and values set to the latest version for the corresponding module.
{
"@webtask/middleware-compiler": "1.3.0",
"@webtask/jwt-middleware": "1.0.0"
}
-
Set the wt-compiler
metadata property on your webtask to @webtask/middleware-compiler
.
-
Set the wt-middleware
metadata property to @webtask/jwt-middleware
.
-
Set the wt-authorize-execution
metadata property to any value other than 0
to require either the wt:owner:<container>
or wt:admin
or the custom scope encoded in the wt-execution-scope
metadata property. You can disable any authorization checks for the execution of the webtask by setting wt-authorize-execution
metadata property to 0
or not including it in your request.
-
Set the wt-execution-iss
metadata property to the value of authorization_server
property obtained from the discovery endpoint of your deployment (located at {deployment_url}/api/description
).
-
Set the wt-execution-aud
metadata property to the value of audience
property obtained from the discovery endpoint of your deployment (located at {deployment_url}/api/description
).
-
Optionally, set the wt-execution-scope
metadata property to the name of a custom scope that can be used for authorization of webtask execution.
-
Optionally, set the wt-debug
metadata property to a comma-separated list of debug references that contains wt-middleware
. This will result in additional debug information being sent to real-time logs.
Creating and securing a webtask using CLI
-
Determine which profile you will use when creating the webtask or create a new one by running wt init
. For more options please refer to https://webtask.io/docs/wt-cli or wt init -h
.
-
Save your webtask code into a file f.e. echo "module.exports = function (cb) { cb(null, 'Hello'); }" > hello.js
.
-
In the same folder create a file meta
with all the metadata properties. Each property should be on its own line structured as KEY=VALUE
pair.
wt-authorize-execution=1
wt-node-dependencies={"@webtask/middleware-compiler":"^1.3.0","@webtask/jwt-middleware":"^1.0.0"}
wt-compiler=@webtask/middleware-compiler
wt-middleware=@webtask/jwt-middleware
wt-execution-iss={ISSUER_URI}
wt-execution-aud={AUDIENCE_URI}
wt-execution-scope={EXECUTION_SCOPE}
-
Run the create command wt create hello.js --meta-file meta -p {profile_name}
.