Cloud-native API Gateway provides authentication and authorization plugins that help you enhance system security and access control.
|
Plugin |
Description |
|
The key-auth plugin authenticates requests using an API key parsed from URL parameters or request headers, and verifies that the key has the required access permissions. |
|
|
The basic-auth plugin authenticates requests based on the HTTP Basic Auth standard. |
|
|
The hmac-auth plugin generates a non-forgeable HMAC signature for HTTP requests to authenticate and authorize callers. |
|
|
The jwt-auth plugin authenticates requests using JSON Web Tokens (JWT) parsed from URL parameters, request headers, or the Cookie field, and verifies that the token has the required access permissions. Unlike Configure JWT authentication, the jwt-auth plugin can also identify callers, which lets you configure different JWT credentials for each caller. |
|
|
The oauth2 plugin issues OAuth2 access tokens based on JWT in compliance with the RFC 9068 specification. |
|
|
The jwt-logout plugin uses Redis to implement a weak state management mechanism for JWT, enabling active token logout and single-session enforcement. For example, when a user logs on from a new device, the plugin can automatically log them out of the previous device. |