September 2019
668 pages
Istio Ingress Gateway can require and validate JWT-based OAuth 2.0/OIDC access tokens, which protects the microservices in the service mesh from external unauthenticated requests. For a recap on JWT, OAuth 2.0, and OIDC, refer to Chapter 11, Secure Access to APIs (see the Authenticating and authorizing API access using OAuth 2.0 and OpenID Connect section).
To enable authentication, we need to create an Istio Policy object that specifies which targets should be protected and which access token issuers, that is, OAuth 2.0/OIDC providers, should be trusted. This is done in the kubernetes/services/base/istio/jwt-authentication-policy.yml file and appears ...
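
For orientation, here is a generic Policy object of the kind described above. It is an added example, not the contents of the book's jwt-authentication-policy.yml. The policy name, target service name, issuer and JWKS URL are placeholders.

```yaml
# Added example: Istio authentication Policy (authentication.istio.io/v1alpha1).
# All names and URLs below are placeholders, not values from the book.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: example-jwt-policy            # placeholder policy name
spec:
  # Which workloads are protected: Kubernetes Service names
  # in the same namespace as this Policy.
  targets:
  - name: example-service             # placeholder target service
  # End-user (origin) authentication: each entry is one trusted token issuer.
  origins:
  - jwt:
      # Must match the "iss" claim of the access token exactly,
      # including any trailing slash.
      issuer: "https://issuer.example.com/"
      # Public keys used to verify the token signature. Serve this over
      # HTTPS from the issuer you trust; the proxy accepts any token
      # signed by a key found here.
      jwksUri: "https://issuer.example.com/.well-known/jwks.json"
  # Use the identity from the validated JWT as the request principal.
  principalBinding: USE_ORIGIN
```

With a policy like this applied, a request to the target without a valid token from a listed issuer is rejected with HTTP 401. In later Istio releases, the `authentication.istio.io/v1alpha1` Policy API was replaced by `RequestAuthentication` and `AuthorizationPolicy`.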