January 27, 2022
API Security With OAuth2.0 Using JWT Tokens
The lab we will be discussing today demonstrates how to use the NGINX Controller API Management Module and NGINX App Protect to secure the OAuth Authorization Code flow, which is core to the Open Banking specifications.
NGINX App Protect will be deployed as an Ingress Controller for Kubernetes and will provide both negative and positive security by ingesting the OpenAPI declaration file. The NGINX API Gateway, managed by NGINX Controller, will publish the application API from that same OpenAPI declaration file, provide JWT authentication and authorization, and enforce rate limiting.
The deployment and configuration of these elements will be performed automatically through a CI/CD pipeline. ELK dashboards will be used for visualization purposes and, lastly, a DAST tool will also be run as part of the CI/CD pipeline. In separate instances, BIG-IP APM is deployed as both Authorization Server with OpenID Connect support and as OAuth Client.
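To make the API gateway's role concrete, here is an added, hand-written NGINX Plus configuration (not the configuration NGINX Controller generates in the lab) showing the two enforcement points described above: JWT validation against the Authorization Server's JWKS, plus per-client rate limiting keyed on the token's `sub` claim. The upstream name, the JWKS URL, the issuer value and the scope name are assumptions for illustration.

```nginx
# Added example; assumed names: upstream "open_banking_api", JWKS at
# https://as.example.com/oauth/jwks, issuer "https://as.example.com".
upstream open_banking_api {
    server 10.0.0.10:8080;   # assumed backend address
}

# Rate limit per authenticated client: $jwt_claim_sub is populated by
# NGINX Plus from the validated token's "sub" claim.
limit_req_zone $jwt_claim_sub zone=per_client:10m rate=10r/s;

# Accept only tokens minted by the expected Authorization Server.
map $jwt_claim_iss $valid_issuer {
    "https://as.example.com" 1;
    default                  0;
}

# Require the "accounts" scope for the account-information endpoints.
map $jwt_claim_scope $has_accounts_scope {
    "~\baccounts\b" 1;
    default         0;
}

server {
    listen 443 ssl;
    server_name api.example.com;           # assumed hostname
    ssl_certificate     /etc/nginx/certs/api.pem;   # placeholder paths
    ssl_certificate_key /etc/nginx/certs/api.key;

    location /open-banking/v3.1/aisp/ {
        auth_jwt "Open Banking API";       # reject requests without a valid JWT
        auth_jwt_key_request /_jwks_uri;   # signing keys fetched from the AS
        auth_jwt_require $valid_issuer $has_accounts_scope error=403;
        limit_req zone=per_client burst=20 nodelay;
        proxy_pass http://open_banking_api;
    }

    # Internal-only location that proxies the JWKS endpoint so NGINX can
    # cache and refresh the Authorization Server's public keys.
    location = /_jwks_uri {
        internal;
        proxy_pass https://as.example.com/oauth/jwks;
    }
}
```

A request with a missing or unverifiable token is answered 401 before it reaches the backend, a valid token from the wrong issuer or without the `accounts` scope is answered 403, and a client exceeding 10 requests per second (after a burst of 20) receives 503 from the rate limiter.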