Hi there. I’m trying to figure out how we can achieve this with Tyk.
I have Auth0 as my IdP. I have created a data access layer running on GAE which is a REST API that allows access to my database (Snowflake).
I would like to protect the data access layer with Tyk. I also have a web portal that will call Tyk to get to Snowflake to retrieve data that will be rendered for the user to view. So it will be
- web portal → Auth0 (to log user in, and obtain a token)
- web portal → Tyk → data access layer → Snowflake
I have also integrated Snowflake with Auth0 so the same token issued by Auth0 is recognized by Snowflake.
When I make the first call from web portal → Auth0, I get a JWT. Ideally, I would like the same JWT to be used to control which Tyk policy is applied (e.g. rate limiting), and what tables can be accessed in Snowflake. Snowflake can only accept a single scope claim in the JWT.
What is the best way to achieve this? I’ve read about some microservices patterns like the phantom token, opaque token, etc. I’m a little confused about how best to approach this with Tyk in between.