Signed proxy redirects

I am trying to use a signed proxy redirect to only allow my Netlify function to be called by Netlify.

I updated my netlify.toml file like below and added an env variable to the build called “API_SIGNATURE_TOKEN”, but when I check the request cookies (just logging all cookies atm) in the function I don’t see the jwt to validate with.

site: nervous-lewin-928377

Just reading through docs again. Maybe this isn’t the best way to accomplish what I want. I was trying to add some sort of guard against someone just repeatedly calling the endpoint outside of the app. But since the app isn’t gated at the moment I guess that’s not really possible after thinking about it a bit more.

First off, these are JWSs, not JWTs! You aren’t authenticating - just authorizing. The way you’d use that data to gate is:

  • check incoming request for a jws
  • decode jws using your secret
  • only proceed with “doing the thing on your server” if the jws decodes correctly.

Not as automagic as you were hoping, but simpler than JWT handling, I think, since you get all you need in the initial request and it’s then possible for your server to make a call - “proceed, or don’t” - based just on the info in that request.