JSON Web Token Middleware
This middleware allows you to secure execution of a webtask using JWT tokens by validating issuer, audience, and scope claims.
Usage
-
Set the
wt-node-dependencies
metadata property to the stringified JSON of an object with names of modules as the keys and values set to the latest version for the corresponding module.{ "@webtask/middleware-compiler": "1.3.0", "@webtask/jwt-middleware": "1.0.0" }
-
Set the
wt-compiler
metadata property on your webtask to@webtask/middleware-compiler
. -
Set the
wt-middleware
metadata property to@webtask/jwt-middleware
. -
Set the
wt-authorize-execution
metadata property to any value other than0
to require either thewt:owner:<container>
orwt:admin
or the custom scope encoded in thewt-execution-scope
metadata property. You can disable any authorization checks for the execution of the webtask by settingwt-authorize-execution
metadata property to0
or not including it in your request. -
Set the
wt-execution-iss
metadata property to the value ofauthorization_server
property obtained from the discovery endpoint of your deployment (located at{deployment_url}/api/description
). -
Set the
wt-execution-aud
metadata property to the value ofaudience
property obtained from the discovery endpoint of your deployment (located at{deployment_url}/api/description
). -
Optionally, set the
wt-execution-scope
metadata property to the name of a custom scope that can be used for authorization of webtask execution. -
Optionally, set the
wt-debug
metadata property to a comma-separated list of debug references that containswt-middleware
. This will result in additional debug information being sent to real-time logs.
Creating and securing a webtask using CLI
-
Determine which profile you will use when creating the webtask or create a new one by running
wt init
. For more options please refer to https://webtask.io/docs/wt-cli orwt init -h
. -
Save your webtask code into a file f.e.
echo "module.exports = function (cb) { cb(null, 'Hello'); }" > hello.js
. -
In the same folder create a file
meta
with all the metadata properties. Each property should be on its own line structured asKEY=VALUE
pair.wt-authorize-execution=1 wt-node-dependencies={"@webtask/middleware-compiler":"^1.3.0","@webtask/jwt-middleware":"^1.0.0"} wt-compiler=@webtask/middleware-compiler wt-middleware=@webtask/jwt-middleware wt-execution-iss={ISSUER_URI} wt-execution-aud={AUDIENCE_URI} wt-execution-scope={EXECUTION_SCOPE}
-
Run the create command
wt create hello.js --meta-file meta -p {profile_name}
.