HTTP envoy filter that verifies JWTs from the ScaleFT access fabric.
Inspiration/hints taken from:
- https://github.com/ibmibmibm/libjose (MIT)
- https://github.com/istio/proxy (Apache 2.0)
To build the Envoy static binary:
git submodule update --init
bazel build //src/sft:envoy
bazel test //src/sft/...
- Useful debugging:
bazel test --test_output=streamed //src/sft/... --test_arg="-l debug"
See test-server/envoy.conf
for a working example.
See src/sft/integration_test/envoy.conf
for an example with statically configured keys. This is not recommended as these should be rotated regularly (and ScaleFT does), but it's useful for testing.
A trivial upstream server (golang) and test config are located in test-server
.
- Build
go run echo_request.go
- Modify
test-server/envoy.conf
appropriately bazel-bin/src/sft/envoy -c test-server/envoy.conf -l debug
curl -v http://localhost:8080 -H "Authenticated-User-Jwt: $JWT"