Blog Home   Blog Home

December 6, 2018   •   Scot Wells

Handling JWT Validation at the Edge Using Serverless EdgeEngine™

 
 

If your services are using JSON Web Tokens (JWTs) for request authentication, you can utilize our recently launched EdgeEngineTM to validate these tokens at the edge. By validating JWTs at the edge, you can ensure that only authorized requests reach your origin server. This also has the added benefit of providing the user with more immediate feedback.

EdgeEngine is a powerful serverless edge computing service that allows developers and businesses to launch scripts that run at the edge. Read the launch announcement. By leveraging EdgeEngine, developers are able to extend the functionality of our CDN to better suit their needs. One use case for EdgeEngine is the ability to move your request filtering to the edge to ensure that only valid requests are handled by your origin.

Luckily, we're already created a script that will help you get started with handling JWT validation at the edge.

Getting Started

To get started, clone the edgeengine-examples repo so you can build the jwt-validation script with your configuration. By default, the script expects that you have a JSON Web Key Set (JWKS) available via HTTP. It also expects that you have the kid value of the JSON Web Key (JWK) that's used for signing.


{
"keys": [
  {
    "alg": "RS256",
    "kty": "RSA",
    "use": "sig",
    "x5c": [ "MIIC...kgmo=" ],
    "n": "yeNlz...BdjQ",
    "e": "AQAB",
    "kid": "NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg",
    "x5t": "NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg"
  }
]}

Building the Script

Once you have those configurations you can run the following commands within the jwt-validation directory to build the script. The documentation provides more detail around how to build the script.


$ export JWKS_URL="https://example.com/.well-known/jwks.json"
$ export JWKS_KID="NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg"
$ yarn build

Once the build command completes, a new file will exist in build/bundle.js that contains your compiled script. We'll come back to this later.

Configuring your StackPath Site

Next, we will create a new script within your StackPath site configuration. If you haven't already, log in to the customer portal. Once you’re logged in you can navigate to the site configuration you would like to add JWT validation to and create a new script.

Configuring Your StackPath Site

Copy the script contents from the build/bundle.js file to the editor in the control panel. To perform validation on all the requests to a site, use * as the path parameter.

Configuring Your StackPath Site

Congratulations. You now have JWT Validation happening at the StackPath edge.

We're super excited to see what our customers will build using EdgeEngine. Have any questions about configuring EdgeEngine? Contact our support team, we're here for you 24x7.

If you have suggestions or want to share your script, please open a pull request.

If you have feedback on existing features or requests for new functionality, please leave feedback here in the customer portal.

   
Topics

View All
Stay Informed

Receive our monthly blog newsletter.

Follow

Connect with us to stay updated.

Stay Informed

Receive our monthly blog newsletter.

Follow

Connect with us to stay updated.