How to use existing Gluu OpenId Connect Client into Tyk JWT authorization mode?

Hi,

I am referring to this document (Step by step guide using Gluu (tyk.io)) in Tyk to set up JWT Authorization mode for my API.

I managed to follow all the steps in the document and successfully got the same response as shown in the document.

However, I have a question here. I have a Gluu server, and already have a Gluu client that I created in Gluu (not through Tyk). In this Tyk document tutorial, it shows how to create a new Gluu client and assign it to the API (through Tyk developer portal). I am just wondering whether there is any way to use the current existing Gluu client, and assign it to the API?

Thanks.

Regards,

Maan Tarng

Hi @maantarng, we are checking this internally and will get back to you.

Hello @maantarng,

Yes. Tyk can natively do that if you set the JWKS endpoint on your API. You can then set policies (AuthN and AuthZ) dynamically by mapping specific scope claims to policies. Here is a documentation page that could help.

Regards,
Zaid

Thanks for your help.

Thanks for your help and information. I will look into it.


Hi @zaid,

I saw a diagram in Tyk. Here is the diagram:

Just wondering about step 5 in the diagram. Do you know how to get the identity claim, so that Tyk can generate an internal identity based on this identity claim?

Regards,

Maan Tarng

Hello @maantarng

This section of docs should explain everything.

You first need to create the policies. Once that is done you can tell Tyk the scope claim name that it will find the claim value under and associate those claim values with a policy. This is how it would look in the API def.

  "jwt_scope_to_policy_mapping": {
    "admin": "59672779fa4387000129507d",
    "developer": "53222349fa4387004324324e"
  },
  "jwt_scope_claim_name": "our_scope"
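
An added example (not part of the thread and not Tyk's own code): a small check that decodes the payload of a token issued to an existing Gluu client and reports which policy IDs the mapping above would select, plus any scopes with no mapping entry. The helper names and the sample token are constructed, and it assumes the scope claim is a space-delimited string or a JSON array. It does not verify the signature; the gateway does that against the JWKS endpoint.

```python
import base64
import json

# Values copied from the API definition fragment in the reply above.
API_DEF = {
    "jwt_scope_to_policy_mapping": {
        "admin": "59672779fa4387000129507d",
        "developer": "53222349fa4387004324324e",
    },
    "jwt_scope_claim_name": "our_scope",
}


def jwt_payload(token):
    """Decode only the payload segment. Inspection aid: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))


def policies_for(token, api_def=API_DEF):
    """Return (matched policy IDs, scopes that have no mapping entry)."""
    name = api_def["jwt_scope_claim_name"]
    claims = jwt_payload(token)
    if name not in claims:
        raise KeyError(f"token has no '{name}' claim")
    raw = claims[name]
    # Assumption: scopes arrive as a space-delimited string or a JSON array.
    scopes = raw.split() if isinstance(raw, str) else list(raw)
    mapping = api_def["jwt_scope_to_policy_mapping"]
    matched = [mapping[s] for s in scopes if s in mapping]
    unmapped = [s for s in scopes if s not in mapping]
    return matched, unmapped


def make_sample_token(claims):
    """Build a constructed token with a placeholder signature (sample input)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    token = make_sample_token({"sub": "user-123", "our_scope": "developer openid"})
    print(policies_for(token))
```

An empty first list for a real token means none of its scopes match a key in `jwt_scope_to_policy_mapping`, or the claim name in the token differs from `jwt_scope_claim_name`.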

Thanks for your help. I will look into it.
