1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

doc

Azion’s JWT

Overview

Nowadays, there are many ways to control access to your online resources. One of the most common one is the use of access tokens. These tokens are generated by applications to ensure that only authenticated users have permission to use certain resources, such as APIs or media archives.

Staggering services is simpler by using JSON Web Tokens (JWTs), a type of token that can pass verification without consulting a database. However, a JWT’s size can be larger than a session ID’s. This can have a negative impact on network speed as the token must be provided in each request. Edge Computing’s features may resolve this issue, as well as additional security features, such as the ability to combine Key IDs (KIDs) and secrets to make the produced hash more complicated.

Give your content and APIs greater security with the JWT solution from Azion by running the JWT Edge Function directly on your Edge Firewall. This is a robust and effective solution to control access for closed and/or personalized content, such as videos, lessons, images, or APIs. Through it, you can provide and revoke permissions by using KIDs and secrets, as well as specifying relevant expiration dates.

By running the JWT solution on the edge, closer to the users, you can validate the authenticity of requests even before they reach your infrastructure. It doesn’t need to consult a specific authentication server to validate the credentials of the token that accompanies the requests, speeding up the process and providing extra security for your business.


1. Getting the JWT solution from Azion’s Marketplace
2. Using the solution
2.1 Setting up the Edge Firewall rule
2.2 Setting up the Edge Firewall function
3. Setting up the Edge Firewall Rules Engine
4. How does Azion’s JWT work?


1. Getting the JWT solution from Azion’s Marketplace

Before you begin, check if the Edge Functions service is active on your Azion account.

To use the JWT solution provided by Azion’s Marketplace, follow these steps:

  1. Access Real-Time Manager (RTM) and log in.
  2. On the upper-left corner of the page, select Products Menu > Marketplace.
  3. On Marketplace’s homepage, in the search box, type “JWT” or browse through the cards below it to find the desired JWT solution.
  4. Select the desired JWT card. The solution’s page will appear.
  5. On the Subscribe for section at the bottom-right corner of the page, click the Get It Now button.

A successful message will appear. Now, your solution is installed and ready to use.


2. Using the solution

2.1. Setting up the Edge Firewall rule

To instantiate the JWT Edge Function, follow these steps:

  1. On the Products Menus, select Edge Firewall in the SECURE section.
  2. Click the Add Rule Set button.
  3. Give a name to your new rule.
  4. Select the domains you want to protect with the JWT Edge Function.
  5. Turn the Edge Functions switch on.
  6. Click the Save button.

2.2 Setting up the Edge Firewall function

To instantiate the JWT solution, while still on the Edge Firewall page, go to the Functions tab and follow these steps:

  1. Click the Add Function button.
  2. Give a name to your instance.
  3. On the dropdown menu, select JWT.

A code box will be loaded. It’s just for study and can’t be modified.

  1. On the Args tab, you’ll pass your KIDs.

The Args tabs will load a example of KIDs, similar to the one below:

[{
  “kids”: {
    4546D4AA7F62F01A833A7ABE354030E7": “D6CB2342E44EFB6DD628276F36DA2359”,
    “D6CB2342E44EFB6DD628276F36DA2359": 60BD8ED7A768E8BD6925BEB0A691AADB”,
    60BD8ED7A768E8BD6925BEB0A691AADB”: 4546D4AA7F62F01A833A7ABE354030E7
  }
}]
  1. Click the Save button.

Done. Now you have your JWT instance saved.


3. Setting up the Edge Firewall Rules Engine

To finish, you have to set up the Rules Engine in order to configure the behavior and the criteria to run the JWT.

To do this, follow these steps:

  1. Click the New Rule button.
  2. Give a name to the rule.
  3. Select a criteria to run catch the domain that will run the solution. For example: if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
  4. Below, select a behavior to the criteria. In this case, it’ll be Run Function.
    • Select the adequate JWT function according to the name you gave it in the instantiate step.
  5. Click the Save button.

Done. Now you have a JWT solution running for every request made to the domain you indicate.


4. How does Azion’s JWT work?

For the URLs you wanto to protect, the source application must have a JWT generator installed. You’ll receive a list of KIDs and secrets to be used to validate JWTs while setting up the solution. Based on the secret keys and KIDs previously supplied, Azion verifies the received JWT’s validity in order to secure a URL. If the JWT is invalid, access to the content will be refused. Otherwise, access will be granted.


You can see examples of Secure Token generation codes on GitHub by visiting Azion’s Secure Token repository.


Didn’t find what you were looking for? Open a support ticket.