AppMesh

Features:

  • 1. Advanced Application Management Platform
  • 2. Build
  • 3. App Mesh CLI Documentation
  • 4. Development
  • 5. App Mesh Deployment Guide
  • 6. JWT authentication
    • 6.1. GET JWT token
    • 6.2. Use JWT token for REST request
  • 7. Loki
  • 8. Prometheus Exporter
  • 9. Security
  • 10. Multi-factor authentication
  • 11. User and Role
  • 12. How to scan github C++ project by Coverity
  • 13. Grafana json REST data source to monitor App Mesh
  • 14. Remote Task (in-memory compute)
  • 15. Event Subscription
  • 16. Workflow
  • 17. LLM Spec-Driven Development Pipeline (on the App Mesh workflow-engine)

Success:

  • 14. Remote Task (in-memory compute)
  • 1. Claude Code remote sandbox
  • 2. Remote run
  • 3. Build powerful monitor system with Grafana/Prometheus/Loki
  • 4. Customize application start behavior
  • 5. Open service broker support local PV for Kubernetes
  • 6. Promote native application to microservice application
  • 7. Secure REST file server
  • 8. Standalone JWT server
  • 9. Kubernetes run none-container applications
  • 10. Python parallel run

Python SDK:

  • appmesh package
AppMesh
  • 6. JWT authentication
  • View page source

6. JWT authentication jwt-logo

JSON Web Tokens

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

jwt_auth_process

What is supported:

  • REST login use JWT standard

  • Support local JSON based user management

  • Provide login and auth API to run as a stand-alone JWT server

  • Support centralized user & role DB server by Consul

What is not supported:

  • Redirect authentication to another JWT server is not supported

6.1. GET JWT token

Method URI Body/Headers Desc
POST /appmesh/login Authorization=Basic base64(NAME:PASSWD)
Optional:
X-Expire-Seconds=600
X-Totp-Code=TOTP_KEY
X-Audience=appmesh-service		 User login, return JWT token or require next TOTP validate
POST /appmesh/totp/validate { "user_name":"NAME", "totp_code":"TOTP_KEY", "totp_challenge":"CHALLANGE_ABC", "expire_seconds":"360000" } Validate TOTP key, return JWT token 
curl -X POST -k -s -H "Authorization:$(echo -n 'user:pwd' | base64)" -H "X-Expire-Seconds:2" https://localhost:6060/appmesh/login | python -m json.tool

The REST will response bellow json when authentication success:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDU5MjA1NjQsImlhdCI6MTYwNTMxNTc2NCwiaXNzIjoiYXBwbWVzaC1hdXRoMCIsIm5hbWUiOiJhZG1pbiJ9.hPOGoU5cl8TexQKyUnKpSi4r9Hy0Vhi03A-mCyQfpXw",
  "expire_seconds": 604800,
  "expire_time": 1605920564,
  "profile": {
    "auth_time": 1605315764,
    "name": "admin"
  },
  "token_type": "Bearer"
}
response desc
access_token JWT token content
expire_time UTC time (seconds) the token will expire, is the server time plus the input X-Expire-Seconds
auth_time the server UTC time (seconds)
token_type JWT standard "Bearer"

6.2. Use JWT token for REST request

Method URI Body/Headers Desc
POST /appmesh/auth headers:
Authorization=Bearer
Optional:
X-Permission=permission-id		 JWT token authenticate 
curl -s -X POST -k -H "Authorization:Bearer $JWT_TOKEN" -H "X-Permission:app-view"  https://127.0.0.1:6060/appmesh/auth | python -m json.tool

The REST will response bellow json when authentication success:

{
  "permission": "app-view",
  "success": true,
  "user": "mesh"
}
Previous Next

© Copyright 2024, laoshanxi.

Built with Sphinx using a theme provided by Read the Docs.