Authenticating client requests

Quick question about suggested/intended patterns for authentication of client requests…

If I’m using OAuth to secure my client requests (and to identify the user making requests and authorise them), is that something that Kalix can support? Or should it be done elsewhere (e.g. an API Gateway sitting in front of the Kalix backend services)?

For instance, if I’m using Auth0 I can have my users sign up and log in on the client-side application and configure callbacks into the Kalix service(s) to create the users there, but when those clients make calls to the backend to interact with my application, can I, in Kalix services, get the token from the header, validate it, etc.?

2 Likes

We would recommend using Kalix’s JWT support for this:

In such a setup, you would have Auth0 issue JWT-based access tokens, as described here:

You can then configure the Auth0 JWT signing key to be trusted by Kalix, and then submit the Auth0 issued tokens as a bearer token, and Kalix will validate it and be able to authenticate the user.

2 Likes
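As an added illustration (not part of the thread and not Kalix or Auth0 code), this Node.js sketch shows the checks that validating an RS256 bearer JWT against a trusted signing key typically involves: a pinned algorithm, the signature, issuer, audience and expiry. The issuer and audience values are hypothetical, and a locally generated RSA key stands in for the issuer's signing key.

```javascript
const crypto = require("node:crypto");

// Constructed stand-ins: a locally generated RSA key plays the issuer's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISSUER = "https://tenant.example/"; // hypothetical issuer
const AUDIENCE = "https://api.example/";  // hypothetical API identifier

const b64u = (v) => Buffer.from(v).toString("base64url");

// Mint a sample token (only needed to produce constructed input for the verifier).
function mintToken(claims, header = { alg: "RS256", typ: "JWT" }, key = privateKey) {
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(signingInput), key);
  return `${signingInput}.${b64u(sig)}`;
}

// Returns the claims if the Authorization header carries an acceptable token, else throws.
function verifyBearer(authorizationHeader, trustedKey, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || "");
  if (!m) throw new Error("malformed bearer token");
  const [, h, p, s] = m;
  // Pin the algorithm: never let the token choose how it is verified.
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  // Verify the signature over "header.payload" before trusting any claim.
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), trustedKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}
```
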

That’s excellent news, thanks James, I’ll take a look at the documentation more closely :wink:

T

Hi, T, did you get this working? I’m struggling with it now, mind taking a look at my post?