Building out the saga-ed/saga-dash#1 for deployment that avoids the issues we hit in Coach/Thrive ALB handling (which requires the backend be open in dev to avoid CORS OPTIONS calls getting caught up) and previous pages like the infra-admin page (see hipponot/microservices#596) - I want middleware that can be set up per microservice to handle JumpCloud authentication via JWT.
Instead of putting OIDC on the ALB (which is pretty strict about domain), this would loosen that (as we already have done) but reinstitute a guard at the API. Frontend auths, gets its token, uses it loosely across the same domain surface.
There may be other uses for this as a broader auth system.
There are some other techniques to handle the JWT in a separate API Gateway or CloudFront layer, but none of these seem particularly simple.
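Added example (not part of the original issue or the project's code): a per-service guard of the kind described above, written as Express-style middleware for Node.js, with CORS preflight passed through and every other request required to carry a valid bearer token. Assumptions: RS256 tokens, a placeholder issuer and audience, a locally generated key pair standing in for the identity provider's published signing key, and hypothetical function names throughout.

```javascript
// Added example; names, issuer and audience are hypothetical, not from the project.
const crypto = require('node:crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
// Verify an RS256 JWT against a pinned key, issuer and audience; throws on any failure.
function verifyJwt(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const [h, p, s, extra] = String(token).split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  // Pin the algorithm server-side; the token header must not choose it.
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Express-style guard, mounted per microservice in front of its API routes.
function jwtGuard(opts) {
  return (req, res, next) => {
    // Browsers send CORS preflight without Authorization; pass it to the CORS handler.
    if (req.method === 'OPTIONS') return next();
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    try {
      req.user = verifyJwt(m ? m[1] : '', opts);
    } catch (err) {
      res.statusCode = 401; // same response for every failure; do not leak the reason
      return res.end(JSON.stringify({ error: 'unauthorized' }));
    }
    return next();
  };
}

// Constructed fixture: a local key pair stands in for the IdP's published signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signDemoToken(claims, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Run one constructed request through the guard and report what happened.
function check(method, authorization, opts) {
  const req = { method, headers: authorization ? { authorization } : {} };
  const res = { statusCode: 200, end() {} };
  let passed = false;
  jwtGuard(opts)(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, user: req.user };
}
```

In a deployment the public key would come from the identity provider's published key set, and the guard would be mounted after the service's CORS handler so preflight responses still carry the right headers.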