updated zuplo id token doc

zuplo · Jul 10, 2024 · 7d6439e · 7d6439e
1 parent 1309130
commit 7d6439e
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 42 deletions.
diff --git a/docs/articles/zuplo-id-token.md b/docs/articles/zuplo-id-token.md
@@ -42,7 +42,24 @@ The issued JWT token contains the following claims.
 | iat              | `1720470928`                                                         | The epoch time the token was issued.                                                                                                             |
 | exp              | `1720506928`                                                         | The epoch time the token expires. The default expiration for Zuplo Identity Tokens is 10 hours.                                                  |
 
-## Verifying the Token
+## Securing Your Backend
+
+The Zuplo ID Token can be used as a means of securing your backend API so that
+only Zuplo can call the API. This can be done by restricting the incoming
+requests using a standard OAuth middleware on your API. For example, if you were
+using Fastify on your backend, you could use the
+[Fastify JWT Middlware](https://github.com/fastify/fastify-jwt) using the
+[JWKS verification method](https://github.com/fastify/fastify-jwt?tab=readme-ov-file#verifying-with-jwks)
+and checking the `account`, `project`, or other claims.
+
+fastify.addHook("onRequest", async (request, reply) => { try { await
+request.jwtVerify(); } catch (err) { reply.send(err); } });
+
+fastify.listen({ port: 3000 });
+
+````
+
+## Verifying the Token Using a Library
 
 To verify the JWT token on your own service, you can use any standard JWT
 library. The verification method will use the JWKS hosted at
@@ -75,4 +92,4 @@ if (
 ) {
   throw new Error("Not my account or project");
 }
-```
+````
diff --git a/sidebar.json b/sidebar.json
@@ -228,6 +228,7 @@
         "items": [
           "policies/upstream-azure-ad-service-auth-inbound",
           "policies/upstream-gcp-service-auth-inbound",
+          "policies/upstream-gcp-federated-auth-inbound",
           "policies/upstream-gcp-jwt-inbound",
           "policies/upstream-firebase-admin-auth-inbound",
           "policies/upstream-firebase-user-auth-inbound"
@@ -329,6 +330,7 @@
       "articles/http-problems",
       "articles/reusing-code",
       "articles/zone-cache",
+      "articles/zuplo-id-token",
       "articles/safely-clone-a-request-or-response",
       "articles/runtime-behaviors",
       "articles/zp-body-removed",

diff --git a/src/app/policies/[slug]/page.tsx b/src/app/policies/[slug]/page.tsx
@@ -122,40 +122,6 @@ const PolicyOptions = ({
   isObjectSchema(handlerExport);
   return (
     <div>
-      <h3 id="policy-configuration">Policy Configuration</h3>
-      <ul>
-        <li>
-          <code>name</code> <span className="text-green-600">{"<string>"}</span>{" "}
-          - The name of your policy instance. This is used as a reference in
-          your routes.
-        </li>
-        <li>
-          <code>policyType</code>{" "}
-          <span className="text-green-600">{"<string>"}</span> - The identifier
-          of the policy. This is used by the Zuplo UI. Value should be{" "}
-          <code>{policyId}</code>.
-        </li>
-        <li>
-          <code>handler.export</code>{" "}
-          <span className="text-green-600">{"<string>"}</span> - The name of the
-          exported type. Value should be{" "}
-          <code>{handlerExport.const!.toString()}</code>.
-        </li>
-        <li>
-          <code>handler.module</code>{" "}
-          <span className="text-green-600">{"<string>"}</span> - The module
-          containing the policy. Value should be{" "}
-          <code>{handlerModule.const!.toString()}</code>.
-        </li>
-        {options && Object.keys(options).length > 0 ? (
-          <li>
-            <code>handler.options</code>{" "}
-            <span className="text-green-600">{"<object>"}</span> - The options
-            for this policy. <a href="#policy-options">See Policy Options</a>{" "}
-            below.
-          </li>
-        ) : null}
-      </ul>
       {options && Object.keys(options).length > 0 ? (
         <>
           <h3 id="policy-options">Policy Options</h3>
@@ -229,12 +195,6 @@ export default async function Page({ params }: { params: { slug: string } }) {
       id: "configuration",
       level: 2,
       children: [
-        {
-          title: "Policy Configuration",
-          id: "policy-configuration",
-          level: 3,
-          children: [],
-        },
         {
           title: "Policy Options",
           id: "policy-options",