Hey guys, I want to use krakend.io API Gateway to enforce request level authorization. Krakend suppo...

execreate

09/26/2022, 5:07 AM

Hey guys, I want to use krakend.io API Gateway to enforce request level authorization. Krakend supports fetching the token from cookies with

cookie_key

parameter (https://www.krakend.io/docs/authorization/jwt-validation/), so I guess it must possible to make it work with Supertokens http-only cookies. Theoretically, I can pass

jwk_url

of Supertokens (https://supertokens.com/docs/passwordless/common-customizations/sessions/with-jwt/get-jwks-and-issuer) to Krakend and set

cookie_key

sAccessToken

to make it work. But the jwks endpoint in Supertokens is not available unless I turn on jwt in session recipe, is that right? Because I cannot fetch the jwks endpoint with my current setup where I did not enable jwt in Supertokens.

execreate

09/26/2022, 5:08 AM

The thing is I don't want to enable jwt feature, I just want my http-only cookies to get verified in a stateless manner on API Gateway side 🙂

rp_st

09/26/2022, 5:09 AM

hey! Thats not possible at the moment without enabling JWT feature.

rp_st

09/26/2022, 5:09 AM

We are working on changing sessions so that it would be possible.. but thats ~ 1 month away from release.

execreate

09/26/2022, 5:12 AM

Thanks @rp_st ! I can wait 😄 Looking forward for that release:)

rp_st

09/26/2022, 5:23 AM

cool!

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).