Azion JWT: access token solution in Edge

Edit on GitHub

There are many ways currently to control access to online resources. One of the most common is the use of some form of access Token, which is generated by applications to ensure that only authenticated users have permission to use certain resources, such as APIs or media archives.

Json Web Tokens (JWTs), for example, are a type of token that can be validated without needing to check a database, making it easier to stagger services. However, the size of a JWT is often greater than that of a session ID. As the token has to be included in every request, this can seriously affect network performance. Edge Computing’s features solve this problem, plus it can also add additional security features, such as combining Key IDs (KIDs) and secrets to increase the complexity of the generated hash.

Greater Security with Edge Function JWT

Give your content and APIs greater security with JWT from AZION. By running directly at the edge of the network, Edge Function JWT is a robust and effective solution to control access and closed or personalized content, such as videos, lessons, images or APIs. Through it, you can provide and revoke permissions through the use of keys (KID) and secrets, as well as setting expiry times for the keys.

By running within Azion’s Edge Nodes, closer to the users, Edge Function JWT can validate the authenticity of requests even before they reach your infrastructure. It does not need to consult a specific authentication server to validate the credentials of the token that accompanies the requests, which speeds up the process and provides extra security for your business.

How does Azion’s JWT work?

Before you begin, check that the Edge Functions service is active in your Azion account and that you already have the function in your Edge Functions Libraries. If not, please get in contact with our commercial team to access the service.

It is very simple to use: The source application must have a JWT generator implemented for the URLs it wants to protect. When Edge Function is set up in Azion, the customer is given a list of pairs of keys (KID) and secrets to be used to validate JWTs. In order to protect a URL, Azion checks whether the received JWT is valid, based on the secret keys and KIDs previously provided by the customer, and, if the JWT is invalid, access to the content will be denied.

See examples of Secure Token generation codes on Github for more information:

To configure your JWT function, edit the Edge Firewall to which you want to assign this service, making sure that the Edge Function option is enabled in the Main Settings tab. Next, go to the Functions tab and add a new function JWT. Make sure you give it an appropriate identifiable name (for example MyJWT), as you will need to be able to identify it later when configuring it in the Rule Engine. Note that the function code appearing in the Code field, is just for information. In the Json Args tab, enter the list of KID pairs and secret keys for generating JWTs, as in the example below, and save your function.

  “kids”: {
    “4546D4AA7F62F01A833A7ABE354030E7": “D6CB2342E44EFB6DD628276F36DA2359”,
    “D6CB2342E44EFB6DD628276F36DA2359": “60BD8ED7A768E8BD6925BEB0A691AADB”,
    “60BD8ED7A768E8BD6925BEB0A691AADB”: “4546D4AA7F62F01A833A7ABE354030E7”

Example of the configuration of JSON Args parameters

Once set up, just link your Function with a Rule Engine within your Edge Firewall. On the Rules Engine tab, use the Default Rule or create a new rule with the validation criteria (criteria) to activate your function. In the Behavior section, select Run Function and choose the JWT Function that you created.

Didn’t find what you were looking for? Open a support ticket.