Get a JSON Web Token (JWT)

This tutorial shows how to get a JSON Web Token (JWT), which can be used to access secured endpoints created in the Expose and secure a workload with Istio and Expose and secure a workload with JWT tutorials.

Prerequisites

  • Use an OpenID Connect-compliant (OIDC-compliant) identity provider.

Get a JWT

  1. In your OIDC-compliant identity provider, create an application to get your client credentials such as Client ID and Client Secret.

  2. Export your client credentials as environment variables. Run:

    export CLIENT_ID={YOUR_CLIENT_ID}
    export CLIENT_SECRET={YOUR_CLIENT_SECRET}
  3. Encode your client credentials and export them as an environment variable:

    # tr -d '\n' removes the line wrapping that GNU base64 adds to long output
    export ENCODED_CREDENTIALS=$(printf '%s' "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\n')
  4. In your browser, go to https://YOUR_OIDC_COMPLIANT_IDENTITY_PROVIDER_INSTANCE/.well-known/openid-configuration, save the values of the token_endpoint, jwks_uri and issuer parameters, and export them as environment variables:

    export TOKEN_ENDPOINT={YOUR_TOKEN_ENDPOINT}
    export JWKS_URI={YOUR_JWKS_URI}
    export ISSUER={YOUR_ISSUER}
  5. Get the JWT:

    curl -X POST "$TOKEN_ENDPOINT" -d "grant_type=client_credentials" -d "client_id=$CLIENT_ID" -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic $ENCODED_CREDENTIALS"
  6. Save the JWT and export it as an environment variable:

    export ACCESS_TOKEN={YOUR_ACCESS_TOKEN}
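
Before exporting the token, it helps to confirm that its iss claim matches the issuer saved in step 4 and that it has not expired. The following is an added example, not part of the original tutorial: the function names, the idp.example.com issuer and the sample token are constructed for illustration, and the script only reads claims, it does not verify the signature against the JWKS.

```shell
#!/bin/sh
# Decode one base64url JWT segment (URL-safe alphabet, padding stripped).
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Pull access_token out of the token endpoint's JSON response (step 5 output).
extract_access_token() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print a top-level string or numeric claim from the JWT payload.
# Usage: jwt_claim TOKEN CLAIM_NAME
jwt_claim() {
  payload=$(printf '%s' "$1" | cut -d. -f2)
  b64url_decode "$payload" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

# Return 0 only if iss equals the expected issuer and exp is in the future.
# Usage: check_token TOKEN EXPECTED_ISSUER NOW_EPOCH_SECONDS
check_token() {
  iss=$(jwt_claim "$1" iss)
  exp=$(jwt_claim "$1" exp)
  [ "$iss" = "$2" ] || { echo "issuer mismatch: $iss" >&2; return 1; }
  [ "$exp" -gt "$3" ] || { echo "token expired at $exp" >&2; return 2; }
}

# --- Constructed sample data so the script runs offline ---
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_PAYLOAD='{"iss":"https://idp.example.com","sub":"client-123","exp":4102444800}'
SAMPLE_JWT="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url).c2ln"
SAMPLE_RESPONSE="{\"access_token\":\"$SAMPLE_JWT\",\"token_type\":\"Bearer\",\"expires_in\":3600}"

token=$(extract_access_token "$SAMPLE_RESPONSE")
check_token "$token" "https://idp.example.com" "$(date +%s)" && echo "token OK"
```

With a real identity provider, pass the saved curl response and "$ISSUER" in place of the sample values.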