Skip to content

PingThingsIO/traefik-jwt-group-access

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
vendor
vendor
 
 
.gitignore
.gitignore
 
 
.traefik.yml
.traefik.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
plugin.go
plugin.go
 
 

Repository files navigation

traefik-jwt-group-access

Traefik middleware plugin which decodes a JWT token and checks that the JWT has an allowed group.

Tested Traefik Versions

This pllugin has been tested on Traefik v3.4.3, and works with that version, it may not be compatible with older versions (it's written with go1.25 in mind).

Installation

The plugin needs to be configured in the Traefik static configuration before it can be used.

Installation on Kubernetes with Helm

The following snippet can be used as an example for the values.yaml file:

experimental:
  plugins:
    enabled: true

additionalArguments:
- --experimental.plugins.traefik-jwt-group-access.modulename=github.com/PingThingsIO/traefik-jwt-group-access
- --experimental.plugins.traefik-jwt-group-access.version=v0.0.1

Installation via command line

traefik \
  --experimental.plugins.traefik-jwt-group-access.moduleName=github.com/PingThingsIO/traefik-jwt-group-access \
  --experimental.plugins.traefik-jwt-group-access.version=v0.0.1

Configuration

Kubernetes

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: jwt-group-access
spec:
  plugin:
    traefik-jwt-group-access:
      claimsPrefix: attr
      allowGroups:
        - admin
        - test
      groupProperty: "groups"

License

This software is released under the Apache 2.0 License

About

Traefik Middleware to Allow Access based on JWT Groups

Topics

traefik-plugin

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v0.0.2 Latest
Sep 17, 2025
+ 1 release

Languages