@webtask/jwt-middleware
Advanced tools
Webtask middleware for authenticating execution using JWT V2 token
Readme
This middleware allows you to secure execution of a webtask using JWT tokens by validating issuer, audience, and scope claims.
Set the wt-node-dependencies metadata property to the stringified JSON of an object with names of modules as the keys and values set to the latest version for the corresponding module.
{
"@webtask/middleware-compiler": "1.3.0",
"@webtask/jwt-middleware": "1.0.0"
}
Set the wt-compiler metadata property on your webtask to @webtask/middleware-compiler.
Set the wt-middleware metadata property to @webtask/jwt-middleware.
Set the wt-authorize-execution metadata property to any value other than 0 to require either the wt:owner:<container> or wt:admin or the custom scope encoded in the wt-execution-scope metadata property. You can disable any authorization checks for the execution of the webtask by setting wt-authorize-execution metadata property to 0 or not including it in your request.
Set the wt-execution-iss metadata property to the value of authorization_server property obtained from the discovery endpoint of your deployment (located at {deployment_url}/api/description).
Set the wt-execution-aud metadata property to the value of audience property obtained from the discovery endpoint of your deployment (located at {deployment_url}/api/description).
Optionally, set the wt-execution-scope metadata property to the name of a custom scope that can be used for authorization of webtask execution.
Optionally, set the wt-debug metadata property to a comma-separated list of debug references that contains wt-middleware. This will result in additional debug information being sent to real-time logs.
Determine which profile you will use when creating the webtask or create a new one by running wt init. For more options please refer to https://webtask.io/docs/wt-cli or wt init -h.
Save your webtask code into a file f.e. echo "module.exports = function (cb) { cb(null, 'Hello'); }" > hello.js.
In the same folder create a file meta with all the metadata properties. Each property should be on its own line structured as KEY=VALUE pair.
wt-authorize-execution=1
wt-node-dependencies={"@webtask/middleware-compiler":"^1.3.0","@webtask/jwt-middleware":"^1.0.0"}
wt-compiler=@webtask/middleware-compiler
wt-middleware=@webtask/jwt-middleware
wt-execution-iss={ISSUER_URI}
wt-execution-aud={AUDIENCE_URI}
wt-execution-scope={EXECUTION_SCOPE}
Run the create command wt create hello.js --meta-file meta -p {profile_name}.
FAQs
Webtask middleware for authenticating execution using JWT V2 token
We found that @webtask/jwt-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ecma TC39 is meeting this week and has moved key ECMAScript proposals forward, advancing Deferred Import Evaluation, Error.isError(), RegExp Escaping, and Promise.try to the next stages.
Security News
Researchers have demonstrated that teams of LLM agents can exploit zero-day vulnerabilities with a 53% success rate, and the costs of using AI to do so are rapidly becoming more affordable than hiring a human penetration tester.
Security News
In an unprecedented surge, May 2024 saw the publication of over 5,000 CVEs, marking a historic milestone in cybersecurity with an average of 164 CVEs per day, nearly double the 2023 daily average.