Question: Using the JWT Auth #121

Closed
mhaamann opened this issue May 7, 2018 · 1 comment

mhaamann commented May 7, 2018

Do you have any recommendations on how to use JWT Auth with flagr? I was hoping that this could be handled with the Github OAuth. Are there any similar 3rd-party vendors I could use?

zhouzhuojie (Collaborator) commented

I will be adding more docs about JWT auth usage; it's not trivial.

For now, one can refer to the comment here
https://github.com/checkr/flagr/blob/f4c18c0f013bea15edf2f4e7c711df8d4495e13a/pkg/config/env.go#L94-L125

Basically, Flagr only validates the JWT token, and it's not responsible for crafting the JWT token. And you can configure JWTAuthNoTokenStatusCode and JWTAuthNoTokenRedirectURL so that the UI knows how to redirect to the page that can log in the users.

Workflow Steps.

  1. Open flagr UI website
  2. No tokens found (it checks the cookie or auth header) => redirect to the login page
  3. Login page will log in the user, username/password, or any other social login via OAuth
  4. If login successful, the login page should store a JWT token as a cookie that the flagr UI can use. Typically this means a subdomain wildcard cookie. Make sure these subdomains can only be accessed from your internal network for extra security.
  5. It should be correctly redirected back to flagr UI with the correct JWT token set. You're good to go now.
  6. Notice that, flagr extracts user information from the user claim defined by JWTAuthUserClaim.
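
The login-page side of the workflow above (step 4) and the check a validator applies to the resulting cookie, as an added example that is not part of the original comment and is not Flagr's own code. Assumptions: HS256 with a shared secret, a cookie named `access_token`, the user carried in the `sub` claim, and the parent domain `corp.example`; `IssueCookie` and `VerifyToken` are hypothetical names, and the cookie name, claim and signing method must match whatever your Flagr instance is configured with.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding

type claims struct { // "sub" is assumed to be the claim named by JWTAuthUserClaim
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}

// IssueCookie is step 4: after a successful login, mint a short-lived token and scope the
// cookie to the parent domain so the Flagr UI host receives it (cookie name is an assumption).
func IssueCookie(secret []byte, user, domain string, exp time.Time) *http.Cookie {
	body, _ := json.Marshal(claims{user, exp.Unix()})
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	return &http.Cookie{Name: "access_token", Value: msg + "." + sign(secret, msg), Domain: domain,
		Path: "/", Expires: exp, Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode}
}

// VerifyToken always recomputes HS256 (the header's alg is never trusted), compares the MAC
// in constant time, then requires a non-empty user claim and an unexpired token.
func VerifyToken(secret []byte, token string, now time.Time) (string, error) {
	var c claims
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(sign(secret, p[0]+"."+p[1])), []byte(p[2])) {
		return "", fmt.Errorf("bad signature")
	}
	raw, _ := enc.DecodeString(p[1]) // a decode error leaves raw empty, so Unmarshal fails
	if json.Unmarshal(raw, &c) != nil || c.Sub == "" || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid or expired claims")
	}
	return c.Sub, nil
}

func main() { fmt.Println(IssueCookie([]byte("demo"), "alice", "corp.example", time.Now().Add(time.Hour))) }
```

`HttpOnly` assumes the token is only read server-side from the `Cookie` header; a short expiry limits how long a leaked cookie stays useful across the shared parent domain.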
