Resource
BlogTopic
Edge DeliveryDate
Dec 06, 2018If your services are using JSON Web Tokens (JWTs) for request authentication, you can utilize our recently launched EdgeEngineTM to validate these tokens at the edge. By validating JWTs at the edge, you can ensure that only authorized requests reach your origin server. This also has the added benefit of providing the user with more immediate feedback.
EdgeEngine is a powerful serverless edge computing service that allows developers and businesses to launch scripts that run at the edge. Read the launch announcement. By leveraging EdgeEngine, developers are able to extend the functionality of our CDN to better suit their needs. One use case for EdgeEngine is the ability to move your request filtering to the edge to ensure that only valid requests are handled by your origin.
Luckily, we’re already created a script that will help you get started with handling JWT validation at the edge.
To get started, clone the edgeengine-examples repo so you can build the jwt-validation script with your configuration. By default, the script expects that you have a JSON Web Key Set (JWKS) available via HTTP. It also expects that you have the kid value of the JSON Web Key (JWK) that’s used for signing.
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"x5c": [ "MIIC...kgmo=" ],
"n": "yeNlz...BdjQ",
"e": "AQAB",
"kid": "NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg",
"x5t": "NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg"
}
]}Once you have those configurations you can run the following commands within the jwt-validation directory to build the script. The documentation provides more detail around how to build the script.
$ export JWKS_URL="https://example.com/.well-known/jwks.json"
$ export JWKS_KID="NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg"
$ yarn buildOnce the build command completes, a new file will exist in build/bundle.js that contains your compiled script. We’ll come back to this later.
Next, we will create a new script within your StackPath site configuration. If you haven’t already, log in to the customer portal. Once you’re logged in you can navigate to the site configuration you would like to add JWT validation to and create a new script.
Copy the script contents from the build/bundle.js file to the editor in the control panel. To perform validation on all the requests to a site, use * as the path parameter.
Congratulations. You now have JWT Validation happening at the StackPath edge.
We’re super excited to see what our customers will build using EdgeEngine. Have any questions about configuring EdgeEngine? Contact our support team, we’re here for you 24×7.
If you have suggestions or want to share your script, please open a pull request.
If you have feedback on existing features or requests for new functionality, please leave feedback here in the customer portal.