JWT token validation on reverse proxy
Jihun Ha <jihun.ha@...>
When I read the document (https://wiki.edgexfoundry.org/download/attachments/329467/18_03_14_ver_EdgeX-simple-jwt-auth-DRAFT.docx?version=1&modificationDate=1521118200000&api=v2) about the reverse proxy and auth server, I had a little confusion about validating the JWT token on the reverse proxy.
AFAIK, JWT has the capability to let the resource server validate the received token without any query to the auth server or a database, which can be done because the JWT token is self-contained.
So if a reverse proxy is employed and an API request with a JWT token is sent to the reverse proxy, I think it can validate the token by itself without a query to the Authorization Server.
But pages 2~3 in the attached document describe that the Reverse Proxy receives the JWT token and queries the Authorization Server about the token, which looks weird to me.
What am I missing at this point? I'd appreciate it if anyone could correct me :)
Thank you in advance.
Jihun Ha (하지훈/河志薰, Ph.D.)
Edge Platform Development | IoT Lab
Software R&D Center | Samsung Electronics Co., Ltd
Mobile +82 10 2533 7947
jihun.ha at samsung.com | jhha85 at gmail.com