JWT support and client certificates

Hi everyone! The Akka Serverless team are proud to announce the availability of two new features: client certificates and JWT support!

Client certificates, also known as Mutual TLS (mTLS), are ideal for situations where your Akka Serverless services are a backend in a larger system. In this case you may want services running elsewhere, such as in other clouds or in your own private cloud, to be able to communicate with your Akka Serverless services, but you don’t want anyone else on the internet to be able to access them. By securing your services with a client certificate, you can safely expose your Akka Serverless services to the internet, but guarantee that only your own services can connect to them. For information on how to secure your services with client certificates, read Securing Services.

JWTs are ideal for scenarios where you want to authenticate and authorize end users or devices. Akka Serverless’ JWT support allows validating both bearer tokens that are passed through HTTP headers, typically for authentication purposes, and tokens embedded inside messages, typically for authorization purposes. Tokens embedded in messages can have their claims validated against other fields in the message. This support is completely declarative: it’s achieved by just annotating the fields you want included in the token in your protobuf message descriptors. For more information on securing your services with JWTs, read Using JWTs.
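To make the embedded-token case concrete, here is an added example (not Akka Serverless code, which does this declaratively through protobuf annotations) that verifies a token carried in a message and then requires selected claims to equal the message fields of the same name. The HS256 algorithm, the key, and the field names `token` and `account_id` are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims, key):
    """Build a sample token; used here only to construct test input."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(claims).encode())
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_hs256(token, key, now=None):
    """Return the claims if signature and expiry check out, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(unb64url(head)), unb64url(sig)
    except ValueError as err:
        raise ValueError("malformed token") from err
    # Pin the algorithm: the token must never choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body))  # parsed only after the MAC checks out
    if not isinstance(claims, dict):
        raise ValueError("claims must be a JSON object")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if exp is not None and (not isinstance(exp, (int, float)) or now >= exp):
        raise ValueError("token expired or exp invalid")
    return claims

def authorize_message(message, key, token_field, bound_fields, now=None):
    """Verify the embedded token, then bind each listed claim to the message field."""
    claims = verify_hs256(str(message.get(token_field, "")), key, now)
    for name in bound_fields:
        if name not in claims or name not in message or claims[name] != message[name]:
            raise PermissionError(f"claim {name!r} does not match the message")
    return claims

# Constructed sample input: a message carrying its own authorization token.
KEY = b"constructed-demo-key"
SAMPLE = {"account_id": "acct-42", "amount": 100,
          "token": sign_hs256({"account_id": "acct-42", "exp": 2_000_000_000}, KEY)}
```

Binding claims to message fields is what stops a valid token issued for one account from being replayed inside a message that names a different one.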

We hope you find these features useful, and don’t hesitate to give us feedback!