Re: JWT authentication for websockets

57 views
Skip to first unread message
Message has been deleted

Yan Avlasov

unread,
Jul 18, 2023, 10:04:18 AM7/18/23
to Kuldeep Singh, envoy-dev
If JWT token is sent in the header of the WS upgrade request, then the jwt-authn extension should work. 

On Tue, Jul 18, 2023 at 2:30 AM 'Kuldeep Singh' via envoy-dev <envo...@googlegroups.com> wrote:
Hi everyone,

I am trying to enable jwt authentication for websockets but I could not find proper document on the same. I have enabled jwt auth for https protocol.

somewhere I read that envoy doesn't support websockets directly but we can write custom filter to enable jwt auth for ws protocol.

could someone please guide me how can I do it. or there is any other way we can do it.

I'm using auth0, kubernetes, and envoy.

thanks
Kuldeep 
CONFIDENTIALITY NOTICE: The information contained in this communication, including attachments is privileged and confidential. It is intended only for the exclusive use of the addressee. If the reader is not the intended recipient, or the employee, or the agent responsible for delivering it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error please notify. Nothing in this email, including any attachment, is intended to be a legally binding signature.

--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/5b62ff10-f2b5-4edc-b50e-8cad243e6374n%40googlegroups.com.

Kuldeep Singh

unread,
Jul 18, 2023, 10:45:56 AM7/18/23
to Yan Avlasov, envoy-dev
What will be the envoy yaml configuration for this. Can you please share the config? I have tried different config but it’s not working for me.

Yan Avlasov

unread,
Jul 18, 2023, 11:55:11 AM7/18/23
to Kuldeep Singh, envoy-dev
Please follow the https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades

If something is not working, please share details, logs, etc.
Message has been deleted

Xu Danny

unread,
Aug 11, 2023, 7:30:25 AM8/11/23
to envoy-dev
The document won't help much with this scenario ( jwt-authn not work), how to "JWT token is sent in the header of the WS upgrade request", could you please show any worked config example?

Kuldeep Singh

unread,
Aug 16, 2023, 3:30:41 AM8/16/23
to envoy-dev
how can we send the token in ws_upgrade config? 

Yan Avlasov

unread,
Sep 1, 2023, 10:10:32 AM9/1/23
to Kuldeep Singh, envoy-dev
You can enable detailed logging and check what happens in Envoy when you send the upgrade request. 

To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/6ea6cc55-798c-4d6f-a32b-3f2400b8dde8n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages