JWT authentication with grpc plugin

Hi,

I’m using Tyk CE 2.3.5. The APIs are configured to use JWT authentication with Tyk policy ID embedded as a claim. A grpc plugin is configured as a “pre” hook as shown below. MyPrehook does some request transformation before sending the modified request to downstream service.

If the JWT is valid, the request goes through fine. The issue is that if I give a JWT token that’s already expired, the plugin still forwards the request to the downstream service and Tyk still reports an error with the invalid JWT token. I want to make it so that the hook will not forward the request if for any reason the JWT authentication failed (Tyk is doing the JWT authentication).

Is this something that should be handled in my custom hook or should I simply specify “post” instead of “pre” in the manifest.json?

manifest.json:
{
    "file_list": [],
    "custom_middleware": {
        "pre": [{
            "name": "MyPrehook"
        }],
        "driver": "grpc"
    },
    "checksum": "",
    "signature": ""
}

Hi, post hooks are called after the authentication mechanism so it looks like a better option for the scenario you’re describing.


@matiasb, I changed my hook to use “post” and the request was not forwarded when JWT authentication failed, which is expected. Thanks for your help!
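
The ordering discussed in this thread, as an added example that is not part of the original posts and is not Tyk or plugin code: a simplified model of the chain (pre hook, JWT check, post hook, upstream) run against an expired and a valid HS256 token. The secret, the "pol" claim name, the clock value and the step labels are constructed for the illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value, not a real key

def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _sign(signing_input: bytes) -> bytes:
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def make_jwt(claims: dict) -> str:
    """Build an HS256 token for the demo (constructed input)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return b".".join([head, body, _sign(head + b"." + body)]).decode()

def jwt_auth(token: str, now: int) -> bool:
    """Stand-in for the gateway's JWT check: signature first, then exp."""
    try:
        head, body, sig = token.encode().split(b".")
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(head + b"." + body)):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    return claims.get("exp", 0) > now

def run_chain(hook_stage: str, token: str, now: int) -> list:
    """Return the ordered steps executed for one request."""
    trace = []
    if hook_stage == "pre":
        trace.append("MyPrehook")      # runs on unauthenticated input
    if not jwt_auth(token, now):
        trace.append("auth:rejected")  # chain stops here
        return trace
    trace.append("auth:ok")
    if hook_stage == "post":
        trace.append("MyPrehook")      # runs only for accepted tokens
    trace.append("upstream")
    return trace

NOW = 1_700_000_000  # constructed clock value
EXPIRED = make_jwt({"pol": "policy-id-placeholder", "exp": NOW - 60})
VALID = make_jwt({"pol": "policy-id-placeholder", "exp": NOW + 60})

if __name__ == "__main__":
    for stage in ("pre", "post"):
        print(stage, "expired:", run_chain(stage, EXPIRED, NOW))
        print(stage, "valid:  ", run_chain(stage, VALID, NOW))
```

With the hook registered as "pre", its code executes for the expired token before the rejection; registered as "post", it never sees a request that failed authentication.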

Hey Jeff

Glad you found the answer you were looking for; would love to know more about how you are using Tyk. We are always looking for user feedback and case studies for the Open Source Project. If you are able to share a few details in this thread, or if you prefer to keep it private, please drop me a DM.

James