认证流程:
1、创建一个用户
2、生成jwt的所需要的key和密钥
3、在https://jwt.io/的生成jwt token
4、启用jwt插件
5、发送请求的时候携带jwt的token信息
官方指导:https://docs.konghq.com/hub/kong-inc/jwt/configuration/examples/
一、创建一个新的用户
[root@min ~]# curl -X POST http://localhost:8001/consumers/ --data username=jwtuser
{"created_at":1685478265,"custom_id":null,"username":"jwtuser","tags":null,"type":0,"id":"12cd3aa4-dac3-432a-b401-35820a2fc4d5","username_lower":"jwtuser","updated_at":1685478265}
二、生成jwt的所需要的key和密钥
[root@min ~]# curl -X POST http://localhost:8001/consumers/jwtuser/jwt
{"created_at":1685478442,"consumer":{"id":"12cd3aa4-dac3-432a-b401-35820a2fc4d5"},"tags":null,"key":"64Lwa8LvHKVw8sPhguxD3V64I2CF6Aek","id":"0577790e-4d96-4fca-9050-c14397a3723e","algorithm":"HS256","secret":"ICk6bhhl7B8Dun2KFWeMkafUB7MDTuTm","rsa_public_key":null}
三、在https://jwt.io/的生成jwt token
生成的jwt对应token为eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI2NEx3YThMdkhLVnc4c1BoZ3V4RDNWNjRJMkNGNkFlayJ9.gg8qekmA9UR5I3m-BTZjm5rt9lcPfaKoXwd0DS0d-VI
四、启用jwt插件
这里我们通过http://localhost:8001/plugins/接口来进行启用jwt插件
[root@min ~]# curl -X POST http://localhost:8001/plugins/ \
> --data "name=jwt" \
> --data "config.uri_param_names=paramName_2.2.x"
{"created_at":1685478938,"consumer":null,"protocols":["grpc","grpcs","http","https"],"updated_at":1685478938,"ordering":null,"enabled":true,"instance_name":null,"id":"be82a370-90ec-4237-b2a5-0ae32e1e5e12","service":null,"name":"jwt","tags":null,"config":{"maximum_expiration":0,"run_on_preflight":true,"claims_to_verify":null,"key_claim_name":"iss","anonymous":null,"header_names":["authorization"],"secret_is_base64":false,"cookie_names":[],"uri_param_names":["paramName_2.2.x"]},"route":null}
创建成功后,就可以在konga的控制面板上新增了jwt的插件
五、发送请求的时候携带jwt的token信息
5.1、采用在请求头中携带jwt 鉴权信息
header头的key为:Authorization,value为:Bearer + 第二步中生成的token信息
5.2、 采用请求参数中携带
5.3、使用cookie携带
携带cookie前先需要开启插件使用cookie的携带能力
功能启用后,那么在Cookie中携带
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
