Skip to content
This repository was archived by the owner on Aug 7, 2023. It is now read-only.

php-istio/jwt-payload-extractor

BranchesTags

Repository files navigation

JWT Payload Extractor

example workflow example workflow codecov

About

This library help to extract trusted JWT payload from request forwarded by Istio Envoy proxy. It's based on PSR-7 Server Request Message ensures interoperability with other packages and frameworks.

UML

Requirements

PHP versions:

  • PHP 8.0

Installation

First install this library:

composer require php-istio/jwt-payload-extractor

And choice one of PSR-7 implementation package (ex: nyholm/psr7-server):

composer require nyholm/psr7 nyholm/psr7-server

Usage

Istio CRD JWTRules support forward origin token (forwardOriginalToken option), or just only base64 payload via specify header name (outputPayloadToHeader option), depend on your strategy you need to select method to extract your trusted JWT payload from forwarded request:

  • Extract from origin token in header:
<?php $psr17Factory = new \Nyholm\Psr7\Factory\Psr17Factory(); $creator = new \Nyholm\Psr7Server\ServerRequestCreator( $psr17Factory, // ServerRequestFactory $psr17Factory, // UriFactory $psr17Factory, // UploadedFileFactory $psr17Factory // StreamFactory ); $serverRequest = $creator->fromGlobals(); $extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer.example', 'authorization'); $payload = $extractor->extract($serverRequest); if(null !== $payload) { var_dump($payload); }
  • Extract origin token in query param:
<?php //...... $extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer.example', 'token'); $payload = $extractor->extract($serverRequest); //......
  • Extract base64 payload header:
<?php //...... $extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer.example', 'x-istio-jwt-payload'); $payload = $extractor->extract($serverRequest); //......
  • In case your application have many JWT issuers, or many extraction strategies:
<?php //...... $extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromExtractors( \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer1.example', 'x-istio-jwt-payload'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer1.example', 'token'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer2.example', 'authorization'), \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer3.example', 'token'), ); $payload = $extractor->extract($serverRequest); //......

Testing

This library uses PHPUnit for unit tests:

vendor/bin/phpunit

Credits

About

The library help to extract trusted JWT payload from request forwarded by Istio sidecar.

Topics

php-jwt jwt-payload php-istio

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.1.1 Latest
Oct 30, 2021
+ 2 releases

Packages

No packages published

Languages