HAProxy community

ACL based on JWT resource access

Hi, how can I allow requests based on the resource access decoded from a JWT token?

This is decoded resource_access:
{ ["app1"] = { ["roles"] = { [1] = ROLE_WRITE,} ,} ,["app2"] = { ["roles"] = { [1] = ROLE_WRITE,[2] = ROLE_READ,} ,} ,["app3"] = { ["roles"] = { [1] = ROLE_READ,} ,} ,}

I need to allow requests to a specific endpoint when the app has read access in the JWT token.

Best Regards

Although I haven’t done this myself, if you really need to do it in HAProxy, I would recommend looking into the Lua extension for HAProxy, which would allow you to intercept requests and apply various rules.
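
A sketch of the Lua approach suggested above, as an added example that is not part of the original thread: a custom fetch that answers whether `resource_access[app].roles` contains a given role. It assumes the token's signature, issuer and expiry have already been verified earlier in the request rules (unverified claims are attacker-controlled), that a JSON decoder module named `json` is on the Lua path, and that the HAProxy build provides the `ub64dec` converter; the file name and `/reports` path are hypothetical.

```lua
-- Added example, not code from the thread. Only inspects claims; it does NOT
-- verify the JWT signature. Assumption: verification happened before this fetch.
local json = require("json")  -- assumption: a JSON decoder (e.g. rxi/json.lua) is installed

-- True only if resource_access[app].roles contains `role` exactly.
local function has_role(resource_access, app, role)
  if type(resource_access) ~= "table" then return false end
  local entry = resource_access[app]
  if type(entry) ~= "table" or type(entry.roles) ~= "table" then return false end
  for _, r in ipairs(entry.roles) do
    if r == role then return true end
  end
  return false
end

-- Decode the payload (second) segment of a compact JWT; nil on malformed input.
local function jwt_claims(txn, token)
  local payload = token:match("^[^.]+%.([^.]+)%.[^.]+$")
  if not payload then return nil end
  local ok, claims = pcall(function()
    return json.decode(txn.c:ub64dec(payload))  -- base64url decode, then parse
  end)
  if ok and type(claims) == "table" then return claims end
  return nil
end

-- Exposed to the configuration as lua.jwt_has_role(<app>,<role>).
core.register_fetches("jwt_has_role", function(txn, app, role)
  local auth = txn.sf:req_hdr("Authorization")
  local token = auth and auth:match("^[Bb]earer%s+(.+)$")
  local claims = token and jwt_claims(txn, token)
  if claims and has_role(claims.resource_access, app, role) then
    return "1"
  end
  return "0"  -- fail closed: missing header, bad token, or role absent
end)

-- haproxy.cfg usage (constructed; file name and path are hypothetical):
--   global
--     lua-load /etc/haproxy/jwt_role.lua
--   frontend fe
--     http-request deny if { path_beg /reports } !{ lua.jwt_has_role(app3,ROLE_READ) -m str 1 }
```

With the `resource_access` shown in the question, `app3` and `app2` would pass a `ROLE_READ` check and `app1` would be denied.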