Plugin Catalog
Install a Plugin
Create a Plugin
Plugins
/JWT Auth Plugin

JWT Auth Plugin

v0.1.2

This repository includes a traefik plugin, jwt, It can check jwt from cookie or header. And It has optional configuration to set jwt to another header for backend.

Build Status

Configuration

The plugin needs to be configured in the Traefik static configuration before it can be used.

Installation with Helm

# snippet from helm values.yaml
experimental:
  plugins:
    enabled: true


additionalArguments:
- --experimental.plugins.traefik-jwt-middleware.moduleName=github.com/aseara/jc2h
- --experimental.plugins.traefik-jwt-middleware.version=v0.1.2

Installation via command line

# Static configuratio
experimental:
  plugins:
    traefik-jwt-middleware:
      moduleName: github.com/aseara/jc2h
      version: v0.1.2

Configuration

The plugin currently supports the following configuration settings: (all fields are optional)

SettingAllowed valuesDescription
checkCookiebooleanIf set to true, will try extract token from cookie with cookieName unless checkHeader is set to true and token is extracted from header.
cookieNamestringUsed as cookie name when extracting token from cookie. Needed if checkCookie is true.
checkHeaderbooleanIf set to true, will try extract token from header with headerName.
headerNamestringUsed to extract token from header. When checkHeader is true and this is empty, headerName will be set to Default value is 'Authorization' and headerValuePrefix to 'Bearer'.
headerValuePrefixstringWhen extract token from header, this will be the prefix of header value.
signKeystringPEM format public key to verify the jwt token. Cannot be empty when checkCookie or checkHeader is true.
ssoLoginUrlstringlogin url to redirect when token invalid. Cannot be empty when checkCookie or checkHeader is true.
injectHeaderstringIf set , the jwt token will be injected into request header with injectHeader value as key.

Example configuration

This example uses Kubernetes Custom Resource Descriptors (CRD) :

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-jwt-plugin
spec:
  plugin:
    traefik-jwt-plugin:
      checkCookie: true
      cookieName: jwt-token
      ssoLoginUrl: https://sso.xxxx.cn
      injectHeader: X-JWT-TOKEN
      signKey: |
          -----BEGIN PUBLIC KEY-----
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
          vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
          aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
          tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
          e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
          V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
          MwIDAQAB
          -----END PUBLIC KEY-----

Activate plugin in your config

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-server
  labels:
    app: test-server
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: traefik-jwt-plugin@kubernetescrd