Securing Your Endpoints with JWT Validation
By validating JWTs at the network edge, you can:
🔒 Ensure only authenticated users can access your services.
⚡ Reduce backend load by rejecting unauthorized requests early.
🛡 Protect APIs from unauthorized access without modifying your upstream services.
🔍 What are the Benefits of Validating JWTs?
JWTs are commonly used in OAuth 2.0, OpenID Connect (OIDC), and API authentication flows.
However, simply including a JWT in a request does not improve security. It must be verified to ensure:
- The token is properly signed by a trusted provider.
- The token has not expired.
- The token contains the correct claims (e.g., roles, permissions).
By performing JWT validation at the edge, you can offload authentication tasks from your backend and prevent unauthorized access before requests reach your service.
Key Benefits:
- Enforcing Authentication: Ensure only authenticated users can access protected resources.
- API Security & Access Control: Validate JWT claims to enforce role-based access (RBAC) or tenant restrictions.
- Single Sign-On (SSO) Support: Accept tokens from OAuth, OpenID Connect (OIDC), or enterprise identity providers.
- Reducing Backend Load: Offload JWT validation to the edge, reducing unnecessary authentication checks.
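The three checks listed above (signature, expiry, claims), plus the role check from the key benefits, as an added Python example; this is not ngrok's implementation or code from the original page. It assumes an HS256 shared key for brevity, and the issuer, audience and `roles` claim name are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key, alg="HS256"):
    """Build a constructed sample token; used only to feed the validator below."""
    parts = [b64e(json.dumps(p).encode()) for p in ({"alg": alg, "typ": "JWT"}, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64e(sig)])

def validate(token, key, issuer, audience, role, now=None):
    """Return (True, claims) if every check passes, else (False, reason)."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64d(h64)), b64d(s64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed"
    # Pin the algorithm: never let the token's own header choose "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "algorithm not allowed"
    # 1. Signature: recompute over header.payload and compare in constant time.
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(b64d(p64))  # payload is read only after the signature checks out
    # 2. Expiry: a missing or non-numeric exp is rejected, not treated as "never expires".
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    # 3. Claims: issuer, audience (string or list) and the assumed "roles" claim.
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        return False, "wrong issuer"
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    if role not in claims.get("roles", []):
        return False, "missing role"
    return True, claims
```
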
JWT Validation Examples
The following Traffic Policy configuration is an example of the jwt-validation action. For a more real-world example, check out our Auth0 guide.
A useful tool for working with JWTs is provided at jwt.io.
Check out the JWT validation traffic policy action page for more details about how it functions and the parameters it accepts.
- AgentEndpoint
- CloudEndpoint
- Ingress
- Gateway API
💡 Ingress resources do not natively support JWT validation, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
2. Use the NgrokTrafficPolicy on an Ingress
💡 Gateway API resources do not natively support JWT validation, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
2. Use the NgrokTrafficPolicy on a Gateway
The following example showcases supplying the NgrokTrafficPolicy on a Gateway resource. All requests to the Gateway will run the traffic policy.
If you prefer, NgrokTrafficPolicy can also be used on the route level by using an externalRef filter on an HTTPRoute. See the using Gateway API guide for examples.