Use bearer middleware to secure HTTP endpoints by verifying bearer tokens
The bearer HTTP middleware verifies a Bearer Token using OpenID Connect on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: bearer-token spec: type: middleware.http.bearer version: v1 metadata: - name: clientId value: "<your client ID>" - name: issuerURL value: "https://accounts.google.com"
Spec metadata fields
|clientId||The client ID of your application that is created as part of a credential hosted by a OpenID Connect platform|
|issuerURL||URL identifier for the service.||
To be applied, the middleware must be referenced in configuration. See middleware pipelines.
apiVersion: dapr.io/v1alpha1 kind: Configuration metadata: name: appconfig spec: httpPipeline: handlers: - name: bearer-token type: middleware.http.bearer
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified June 24, 2021: upmerge/06-24 (#1588) (55d9123c)