We currently have our own identity provider, which it seems Tyk cannot integrate with directly, e.g. for JWT validation.
We would like to take advantage of user level quotas and see traffic per user - would it be possible to have a plugin to validate the JWT and inject an api key that maps to the user?
Specifically what is the order of execution custom plugin -> rate limiting -> usage counting or some other order?
Hi
Maybe I misunderstood you, but Tyk does integrate with JWTs as API keys.
On Tyk’s side -
- You need to configure the claim you are expecting to contain the policy Id (for instance “pol”) and the user (for instance “sub”).
- Then create a policy and add the API to its ACL.
- Copy that policy Id
On the JWT creator, the IdP, you need to create a rule to inject the policy id to the JWT in the claim you have configured in Tyk.
Could you please check this doc for a diagram and further explanations.
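The claim-to-policy mapping described in this reply, as an added example that is not part of the original thread or of Tyk's own code: the IdP mints a JWT carrying the policy Id in "pol" and the user in "sub", and the gateway side verifies the signature before deriving a stable per-user session key (for quotas) and the policy Id. The claim names, the shared HS256 secret and the session-key derivation are assumptions.

```python
# Added example, not Tyk's code. HS256 JWT via the standard library only.
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(secret: bytes, user: str, policy_id: str, ttl: int = 300, now=None) -> str:
    """IdP rule (assumed): inject the policy Id into the "pol" claim, the user into "sub"."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "pol": policy_id, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def resolve_session(token: str, secret: bytes, policy_claim="pol", identity_claim="sub", now=None):
    """Gateway side: verify first, then map claims to (session key, policy Id).
    Returns None whenever the token must be rejected."""
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":  # pin the algorithm; do not trust "alg" from the token
        return None
    expected = hmac.new(secret, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        return None  # signature mismatch: claims are untrusted, so nothing is read from them
    claims = json.loads(_b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None  # expired
    user, policy = claims.get(identity_claim), claims.get(policy_claim)
    if not user or not policy:
        return None  # no identity or no policy: no session can be built
    # Stable key per user so quotas and per-user traffic stats accumulate across tokens.
    session_key = hashlib.sha256(user.encode()).hexdigest()
    return session_key, policy
```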
You could write a custom auth plugin that would create a session object in Tyk (as explained in your link) and set the policy per the values in the JWT. You can use $tyk_context_jwt_claim_CLAIM-NAME to access the values in the JWT.