A JSON Web Token (JWT) is a type of authentication token used to identify a user to a server application. JWTs contain information about the client caller, and can be used as part of a client session architecture. A JSON Web Key Set (JWKS) contains the cryptographic keys used to verify incoming JWTs.
In this example, we require a JWT for all routes in the `frontend` service except for the home page (`/`) and the pod health check (`/_healthz`). In the Istio policy, we specify the path to a test public key (`jwksUri`), which will be mounted into the frontend's sidecar proxy. All unauthenticated requests will receive a `401 - Unauthorized` status from Envoy.
```yaml
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "frontend-jwt"
spec:
  targets:
  - name: frontend
  origins:
  - jwt:
      issuer: "firstname.lastname@example.org"
      jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.2/security/tools/jwt/samples/jwks.json"
      trigger_rules:
      - excluded_paths:
        - exact: /_healthz
        - exact: /
  principalBinding: USE_ORIGIN
```
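The decision this policy asks the sidecar to make can be modelled offline. The following is an added example, not Istio or Envoy code: a simplified model that exempts the two exact paths, then checks key lookup by `kid` in a JWKS, the RS256 signature, the issuer and the expiry. The demo key is constructed from two public Mersenne primes and is not secret; `make_token`, `jwt_valid`, `status_for` and the `demo-key` id are hypothetical names.

```python
import base64, hashlib, json, time

ISSUER = "firstname.lastname@example.org"   # issuer value from the policy above
EXCLUDED_PATHS = {"/_healthz", "/"}          # trigger_rules.excluded_paths (exact)
# Constructed demo key from two public Mersenne primes: NOT secret, test use only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_encode(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), k bytes long."""
    t = DIGEST_INFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key", "alg": "RS256",
                  "n": b64u(N.to_bytes(K, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def make_token(claims, kid="demo-key"):
    """Sign a token with the demo private key (stands in for the issuer)."""
    head = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(f"{head}.{body}".encode(), K), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def jwt_valid(token, jwks=JWKS):
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64u(head)), json.loads(unb64u(body))
        jwk = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
        k = (n.bit_length() + 7) // 8
        recovered = pow(int.from_bytes(unb64u(sig), "big"), e, n).to_bytes(k, "big")
        return (header["alg"] == "RS256"
                and recovered == pkcs1_encode(f"{head}.{body}".encode(), k)
                and claims["iss"] == ISSUER and claims["exp"] > time.time())
    except Exception:  # malformed token, unknown kid, missing claim -> reject
        return False

def status_for(path, token=None):
    """401 as Envoy would return it; 200 stands for 'forwarded to frontend'."""
    return 200 if path in EXCLUDED_PATHS or (token and jwt_valid(token)) else 401
```

Because the entries are `exact` matches, only the literal paths `/` and `/_healthz` are exempt in this model; any other path, including `/_healthz/`, needs a valid token.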