Introduction to API gateways using Express Gateway (Part 2 — authorization using JWT)

Authorization issues in microservice-to-microservice communication

Step 1 : Setting up users for express gateway

npm start 
my-gateway@1.0.0 start /home/tanmay/express-gateway/my-gateway
> node server.js
gateway http server listening on :::8080
admin http server listening on 127.0.0.1:9876
tanmay@tanmay-VPCEB44EN:~/express-gateway$ eg users create
? Enter firstname [required]: kevin
? Enter lastname [required]: systrom
? Enter username [required]: kevin
? Enter email: kevin.systrom@instagram.com
? Enter redirectUri: http://localhost:4000/api/products
Created 523c71a2-9f80-434f-a555-9b193ba66444
{
"firstname": "kevin",
"lastname": "systrom",
"username": "kevin",
"email": "kevin.systrom@instagram.com",
"redirectUri": "http://localhost:4000/api/products",
"isActive": true,
"id": "523c71a2-9f80-434f-a555-9b193ba66444",
"createdAt": "Thu Oct 11 2018 23:19:16 GMT+0530 (IST)",
"updatedAt": "Thu Oct 11 2018 23:19:16 GMT+0530 (IST)"

Step 2: Generating credentials for JWT

tanmay@tanmay-VPCEB44EN:~/express-gateway$ eg credentials create -c kevin -t jwt
✔ Created 7dSTbOnvJ7mUF3CtNBCEst
{
"isActive": true,
"createdAt": "Thu Oct 11 2018 23:22:40 GMT+0530 (IST)",
"updatedAt": "Thu Oct 11 2018 23:22:40 GMT+0530 (IST)",
"keyId": "7dSTbOnvJ7mUF3CtNBCEst",
"keySecret": "7Ex0letChBSw23RfcPSqGr",
"scopes": null,
"consumerId": "523c71a2-9f80-434f-a555-9b193ba66444",
"id": "7dSTbOnvJ7mUF3CtNBCEst"
}

Step 3: Generating JWT token

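// Mint and then verify an HS256 JWT for the consumer created in Steps 1-2.
// `sub` carries the credential keyId, and the signing secret is that
// credential's keySecret. The same value must be configured as
// `secretOrPublicKey` in the gateway's jwt policy, otherwise the gateway
// cannot verify the token it receives.
const jwt = require('jsonwebtoken');

// keySecret returned by `eg credentials create -c kevin -t jwt`.
// It is inlined here only for the walkthrough; a real client should load it
// from configuration rather than keep it in source.
const secret = '7Ex0letChBSw23RfcPSqGr';

const token = jwt.sign(
  {
    sub: '7dSTbOnvJ7mUF3CtNBCEst', // keyId returned by `eg credentials create`
    name: 'Kevin Systrom',
    iat: 1538828706,
  },
  secret,
);
console.log(token);

// Verify with the same secret used for signing. Pinning `algorithms` makes
// verify() reject any token whose header names a different algorithm than
// the one we signed with.
const decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
console.dir(decoded, { depth: null, colors: true });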
tanmay@tanmay-VPCEB44EN:~/json-web-token$ node json-web-token.js
JWT : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3ZFNUYk9udko3bVVGM0N0TkJDRXN0IiwibmFtZSI6IktldmluIFN5c3Ryb20iLCJpYXQiOjE1Mzg4Mjg3MDZ9.gByvBq67l97PJ3Li_AeBeajKLXdxC8ILCth3aERKEHo
decoded JWT payload:
{ sub: '7dSTbOnvJ7mUF3CtNBCEst',
name: 'Kevin Systrom',
iat: 1538828706 }

Step 4 — Protect an API route using Express Gateway.

"jwt": [
{
"action": {
"secretOrPublicKey": "7Ex0letChBSw23RfcPSqGr",
"checkCredentialExistence" : "false"

}
}
]
{
"http": {
"port": 8080
},
"admin": {
"port": 9876,
"hostname": "localhost"
},
"apiEndpoints": {
"api": {
"host": "localhost",
"paths": "/ip"
},
"cust": {
"host": "localhost",
"paths": "/api/customers"
},
"product": {
"host": "localhost",
"paths": "/api/products"
}
},
"serviceEndpoints": {
"httpbin": {
"url": "https://httpbin.org"
},
"custsrv": {
"url": "http://localhost:3000/"
},
"prodsrv": {
"url": "http://localhost:4000/"
}
},
"policies": [
"basic-auth",
"key-auth",
"cors",
"expression",
"log",
"oauth2",
"proxy",
"rate-limit",
"jwt"
],
"pipelines": [
{
"name": "default",
"apiEndpoints": [
"api"
],
"policies": [
{
"proxy": [
{
"action": {
"serviceEndpoint": "httpbin",
"changeOrigin": true
}
}
]
}
]
},
{
"name": "default-1",
"apiEndpoints": [
"cust"
],
"policies": [

{
"proxy": [
{
"action": {
"serviceEndpoint": "custsrv"
}
}
]
}
]
},
{
"name": "default-2",
"apiEndpoints": [
"product"
],
"policies": [
{
"jwt": [
{
"action": {
"secretOrPublicKey": "2URIWeWGe5srtOptNidOyP",
"checkCredentialExistence" : "false"

}
}
]
},
{
"proxy": [
{
"action": {
"serviceEndpoint": "prodsrv"
}
}
]
}
]
}
]
}

Step 5 — Accessing the product API (without a JWT)

Step 6 — Accessing the product API (with a JWT)

Authorization : Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3ZFNUYk9udko3bVVGM0N0TkJDRXN0IiwibmFtZSI6IktldmluIFN5c3Ryb20iLCJpYXQiOjE1Mzg4Mjg3MDZ9.gByvBq67l97PJ3Li_AeBeajKLXdxC8ILCth3aERKEHo

Successful product API response after JWT verification

A few points to note

db:
redis:
emulate: true
namespace: EG
 checkCredentialExistence : true

Summary
