ACL based on JWT resource access

Pawel · April 28, 2020, 2:12pm

Hi, how to allow requests by resource access decoded from JWT token.

This is decoded resource_access:
{ [“app1”] = { [“roles”] = { [1] = ROLE_WRITE,} ,} ,[“app2”] = { [“roles”] = { [1] = ROLE_WRITE,[2] = ROLE_READ,} ,} ,[“app3”] = { [“roles”] = { [1] = ROLE_READ,} ,} ,}

I need allow request to specific endpoint when app have read access in JWT token.

Best Regards

ciprian.craciun · May 5, 2020, 9:27am

Although I haven’t done this myself, if you really need to do it in HAProxy, I would recommend looking into the Lua extension for HAProxy, which would allow you to intercept requests and apply various rules.

Topic		Replies	Views
Haproxy ACL for query-string "Authorization" Help!	1	621	April 13, 2022
Making a separate HTTP Request from Lua ("http-req" action) Help!	3	3636	June 9, 2022
Do not have access to variables once http-request lua.jwtverify is run in haproxy.cfg Help!	0	447	December 21, 2021
HAProxy ACL With Variable In Substring Help!	2	535	November 22, 2024
HAProxy And Keycloak Integration Help!	15	119	December 6, 2024

ACL based on JWT resource access

Related topics