How to do authentication by calling an API from KrakenD before hitting server


Shahin Salim

Jun 2, 2024, 8:19:48 AM
to KrakenD Community
Hi,

Is it feasible to perform authentication in KrakenD by invoking an API?

My scenario involves clients providing a session ID, which we must pass to our authentication service. The authentication service will then validate the session ID. If the session ID is valid, we proceed to access the actual server; otherwise, we return an error to the client.

Can this authentication workflow be implemented in KrakenD?

Albert Garcia

Jun 3, 2024, 4:01:10 AM
to Shahin Salim, KrakenD Community
Hi Shahin,

Yes, it is feasible to perform authentication in KrakenD by invoking an API. However, there are some considerations to keep in mind:
  • Performance Concerns: Each authenticated request to your services will result in two calls—one to the authentication API service and one to the actual protected service. This could potentially lead to performance issues. Please provide more details about your actual authentication flow so we can better understand your specific requirements.
  • Recommendation: We recommend using a JWT-compatible authentication system. Even if you implement a custom in-house JWT, KrakenD can perform more efficient authorization. KrakenD only needs the public key (JWK) to validate the encrypted JSON token, eliminating the need to reach the identity service to validate the session ID with each request.
  • Alternative Solutions: If using JWT is not possible, you can achieve your requirement with either:
    • Sequential Proxy: Implement a sequential proxy to first call the authentication service and then proceed to the actual server if the session ID is valid. More details can be found here.
    • Custom Plugin: Develop a custom plugin to handle the authentication process. Documentation for extending KrakenD with custom plugins is available here.
In conclusion, while it is feasible to authenticate by invoking an API, it is not recommended to design an authentication process that requires an additional request to the authentication API for each request to the gateway. A JWT-based approach would be more efficient and scalable.

Best regards,
Albert García
Business Director


Shahin Salim

Jun 3, 2024, 7:44:19 AM
to KrakenD Community, Albert Garcia, KrakenD Community, Shahin Salim
I think you have tried to share some link with me. But I did not get it.

Can you please tell me which plugin I have to use for my use case (provide authentication by calling an API; if authentication fails, return a 401 response)? Is it the HTTP server plugin, the request/response modifier plugin, or the HTTP client plugin?

Albert Garcia

Jun 3, 2024, 1:11:10 PM
to Shahin Salim, KrakenD Community
Sorry, Shahin. I was trying to share a link to the documentation for plugins. In this case, you should take a look at a request / response modifier plugin, since it can be applied on a "per endpoint" basis and can return custom errors. Apart from the documentation, you can find some ready-to-use custom plugin examples at https://github.com/krakend/examples/tree/main/plugins

Best regards,
Albert García
Business Director

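The "custom plugin" option from Albert's first reply and the request/response modifier plugin he names in the second one, written out as an added example. This is not code from the thread, from KrakenD, or from the krakend/examples repository; it follows the plugin shape those examples use (a `ModifierRegisterer` symbol with a `RegisterModifiers` method). Everything about the session check is assumed for the example: the session ID arrives in a header named `X-Session-ID` (overridable through a `session_header` config key), the authentication service is called with `GET auth_url` carrying that same header and answers 2xx for a valid session, and the error type exposes `StatusCode()` so the gateway can answer 401 instead of a generic 500 (confirm that error contract against the plugin docs for your KrakenD version). The modifier fails closed: an unreachable or timed-out auth service is reported as 503, never as a pass, and the two-second timeout keeps the extra per-request call from stalling the gateway.

```go
package main

import (
	"context"
	"errors"
	"net/http"
	"time"
)

// Assumed names for this example: the plugin name, the default session header
// and the upper bound on the round trip to the authentication service.
const (
	pluginName    = "session-auth"
	defaultHeader = "X-Session-ID"
	authTimeout   = 2 * time.Second
)

// sessionRequest is the subset of the request wrapper interface that this
// modifier needs. KrakenD passes the request as an opaque interface{}; a type
// assertion to this narrower interface is enough because Go interfaces are
// structural.
type sessionRequest interface {
	Headers() map[string][]string
}

// headerRequest is a test double standing in for the gateway's request wrapper.
type headerRequest map[string][]string

func (h headerRequest) Headers() map[string][]string { return h }

// authError carries the HTTP status the gateway should return to the client.
type authError struct {
	code int
	msg  string
}

func (e authError) Error() string   { return e.msg }
func (e authError) StatusCode() int { return e.code }

// validateSession asks the authentication service whether sessionID is valid.
// Any failure to get a 2xx answer is an error; a dead auth service is 503,
// a rejected session is 401.
func validateSession(ctx context.Context, client *http.Client, authURL, header, sessionID string) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, authURL, nil)
	if err != nil {
		return authError{http.StatusServiceUnavailable, "cannot build auth request"}
	}
	req.Header.Set(header, sessionID)
	resp, err := client.Do(req)
	if err != nil {
		return authError{http.StatusServiceUnavailable, "auth service unreachable"}
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return authError{http.StatusUnauthorized, "invalid session"}
	}
	return nil
}

// newSessionModifier builds the request modifier the gateway runs before the
// backend call. A valid session passes the request through unchanged.
func newSessionModifier(client *http.Client, authURL, header string) func(interface{}) (interface{}, error) {
	return func(input interface{}) (interface{}, error) {
		req, ok := input.(sessionRequest)
		if !ok {
			return nil, errors.New("session-auth: unexpected request type")
		}
		// http.Header.Get canonicalises the key, so header casing does not matter.
		sessionID := http.Header(req.Headers()).Get(header)
		if sessionID == "" {
			return nil, authError{http.StatusUnauthorized, "missing session id"}
		}
		ctx, cancel := context.WithTimeout(context.Background(), authTimeout)
		defer cancel()
		if err := validateSession(ctx, client, authURL, header, sessionID); err != nil {
			return nil, err
		}
		return input, nil
	}
}

// registerer and ModifierRegisterer are the symbols the plugin loader expects.
type registerer string

var ModifierRegisterer = registerer(pluginName)

func (r registerer) RegisterModifiers(f func(
	name string,
	factory func(map[string]interface{}) func(interface{}) (interface{}, error),
	appliesToRequest bool,
	appliesToResponse bool,
)) {
	f(string(r)+"-request", r.factory, true, false)
}

// factory reads the per-endpoint config nested under the plugin name
// (assumed keys: "auth_url", optional "session_header").
func (r registerer) factory(extra map[string]interface{}) func(interface{}) (interface{}, error) {
	cfg, _ := extra[pluginName].(map[string]interface{})
	authURL, _ := cfg["auth_url"].(string)
	header, _ := cfg["session_header"].(string)
	if header == "" {
		header = defaultHeader
	}
	return newSessionModifier(&http.Client{Timeout: authTimeout}, authURL, header)
}

func main() {} // required by Go plugins; never executed by the gateway
```

Built with `go build -buildmode=plugin`, the modifier is enabled per endpoint by listing `session-auth-request` under the request/response modifier plugin namespace in the endpoint's `extra_config`, with the `auth_url` value alongside under the `session-auth` key. Note that this keeps the cost Albert warns about (one auth call per gateway request); the timeout and fail-closed handling limit the blast radius of a slow or unavailable auth service but do not remove that extra hop.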