I have a server hosting an NGINX front-end and a Node.JS back-end.
Scenario: The server needs to pass each request containing the JWT token to the Node.JS back-end which will validate the token using the Firebase SDK and if the token authenticates then it should pass the flow back to NGINX which should continue with the reverse proxy and route accordingly.
So far I have managed to set up the NGINX as a reverse-proxy which works effectively. I am confused as to how to pass the token to nginx for authentication and back to nginx to continue with the reverse proxy if verified.
I found a solution to my problem.
I've created a public repository on GitHub; feel free to use it or fork and improve.
Fire-Guard-Proxy
Related
i am trying to integrate keyCloak in my application, i have created a Realm name "my-app" and added 2 clients
frontend (accessType -public)
backend (accessType - bearer-only)
I want to use the access token (returned from frontend client) to authenticate backend APIs.
i want to achieve same thing explained in this tutorial by making use of Roles, Client Scopes and mappers but not working for me
https://medium.com/devops-dudes/secure-front-end-react-js-and-back-end-node-js-express-rest-api-with-keycloak-daf159f0a94e
i made a mistake in configuration,
on frontend side i made url for auth server "http://127.0.0.1:8080/auth" and on Server side it was "http://localhost:8080/auth", else everything was correct
I have a Node js backend. I use OAuth 2 for authentication. All the endpoints are secured by this authentication method except one endpoint. I cannot use OAuth in this insecure endpoint because the endpoint is triggered by another server on which I don't have any control. So I cannot tell the other server to send me a token for my backend to validate.
The request to my backend is made with SSL connection. So, in Nodejs is there any way to find out the SSL issuer name or something like that so that my backend can validate the requester? (All the requests to my insecure endpoint comes from the same server)
I have a web app configured in my Azure AD.
On a machine, i have installed a connector and configured an application proxy with that connector.
I am now trying to connect from an Android mobile application to the web app through the application proxy.
If I use a WebView inside my app, I can load the User access URL, enter my credentials and I receive a cookie for use by following connections.
I need to be able to use other HTTP clients that do not have the possibility to show UI.
I was wondering if it was possible to somehow request access and refresh tokens, and add those to future requests. or if possible convert them to a cookie in some manner and add that in a header.
Your client app can simply use MSAL (or ADAL, or another OpenID Connect client library) to sign the user in and an access token for the App Proxy app. Then you can include that token in the Authorization header in requests to the endpoint from App Proxy. App Proxy will recognize it, validate it, and (if everything checks out) proxy the call down to the App Proxy connector, where the rest of the process happens as normal.
Here are the relevant docs: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application
I have a NodeJS API on Amazon EB and an API on API Gateway.
API Gateway is configure as a proxy to EB.
I can call my API without problem, it's working but I don't know how to manage security.
Actually if I use the API Gateway URL I must sign the request (it's ok!) but I can use the EB URL and nothing is necessary.
Before using API Gateway I was using JWT but now what shall I do on my Node app? API Gateway is using the Authorization header for sign the request, so my Node app must check this signature maybe? Or something else?
The recommended approach to restricting back end access to only API Gateway is to use client side certificates. See documentation here
Note that if using client certificates with ELB, you must configure the ELB in tcp mode and terminate the SSL connection on your application server as ELB does not support client certificate validation.
An alternate approach is to configure your API Gateway to add a header with a secret value and then validate the value on your application server before processing the request. This is generally considered less secure, since its easier for an attacker to obtain your secret value. At a minimum, you would want to use SSL between your API Gateway and your application server so the secret isn't sent in plain text.
I already configured nginx with nodejs and it's working perfectly as a reverse proxy, after that I put an authentication (username, password) in nginx to protect those photos from outside, how can i make a request to access those photos? I mean what request I need to create to authenticate input username and password? (WITH NGINX)
ps: I saw that would be nice to use jwt but I'm afraid to install openresty and lost my previous configuration of nginx.
What would be better? Configure jwt or try to authenticate with a user and pass in nginx?