From YouTube: Istio Auto mTLS and JWT (Istio 1.5) Part Two
Description
Istio 1.5 recently released. In these two videos, we take a look at the PeerAuthentication and RequestAuthentication APIs, new in 1.5, to control mTLS and JWT authentication.
A
This is the second part of a series of videos that I'm doing to kind of show you the capabilities of Istio 1.5 and introduce you to some of the new security APIs that have been introduced. In the previous video, we looked at using the auto mTLS feature and the PeerAuthentication API, and in this video, what we're going to do is look at using the RequestAuthentication API to require and verify, validate JWT tokens as they come in to identify and authorize the user.
A
You can take a look at the docs here for Istio, in the reference section, under configuration and then security, to give you a much deeper understanding of these different APIs: PeerAuthentication and RequestAuthentication, the JWTRule, and authorization policies. These are the APIs that Istio will be using going forward.
A
These deprecated ones, these ones marked deprecated, will not. And then authentication policy was an alpha API that is still around and still works, but you're encouraged to use the new PeerAuthentication and RequestAuthentication APIs. So let's come back to our demo environment here and take a look at using JWT tokens. So if we call our service, we saw it.
A
We saw in the previous video that we have a web API workload which calls recommendation, which then calls purchase history, and if we call it, come back here, from our curl command line, we're able to access it. In the previous video, we made sure that all of the communication going back and forth in the mesh is secured and mTLS is enforced.
A
What we're going to do here is we're going to use the new RequestAuthentication API, and we're going to require that a JWT token is part of the request, and that is used to identify the end user, the identity of the user making the requests. We're going to use authorization policy to verify, or to enforce, that an identity exists. It can be anything in this case, but we could be more fine-grained and put some more structure around this policy.
A
Let's wait a second. Sometimes, you know, it takes a second for the configuration to propagate here. Now let's try calling our service and, of course, live demo, it worked. We didn't give it enough time for the configuration to propagate. Let's try it again from here. OK, there we see we're getting a forbidden here.
A
The JWT has to be issued from solo and can be verified with its public key, using this public key, and so this is a JWT we'll end up using. Obviously we'll convert it into a proper JWT. And now, if we make a call with this bearer token (and you can now see why I am automating the typing of this, because this would be a lot to type), we should cross our fingers.
A
Come on, ultra-secure. Now it works. So now we're passing in a valid JWT. It identifies us and we can hit the API. So that's it for this demo and these videos. Check out Istio 1.5 and especially the 1.5.1 release, which was just announced not too long ago. Again, this is Christian Posta from solo.io. Check out some of the new Istio features. Thanks.