iRule to Check for Bearer Token in Auth Headers

Question

I have a requirement where I need to be able to check and see if an oauth bearer token exists in the authentication headers before I pass it to the backside server(s).&nbsp;
Right now we are running 11 code and even if we upgrade to 13, we have an oauth environment already and do not want to use F5 to handle the authentication piece. We only need to be able to verify that the client has a token and that the client cert is valid. &nbsp;
Essentially, I would like to do the following:&nbsp;
Check HTTP Authorization headers for Bearer and make sure that Bearer has a valueIf Bearer has a value then check that the client certificate fingerprint matches a class list of allowed fingerprints.If this passes then allow the traffic to a gateway behind the F5's that will verify the OAUTH token against the authentication source. If either of these fails, reject the traffic and send a generic error back to client.
Any help to be able to accomplish this via an iRule would be greatly appreciated. &nbsp;

yann_desmarest · Answer

Hi,&nbsp;You can try this code for step 1 :&nbsp;when HTTP_REQUEST {
    if { [HTTP::header exists Authorization] and [HTTP::header Authorization] contains "Bearer" and [getfield [HTTP::header Authorization] " " 2] != "" } {
     some code
    }
}

shadi_darwish · Answer

​how can I load balance with persistence using  Bearer Token in Auth Headers

Forum Discussion

iRule to Check for Bearer Token in Auth Headers

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

iRule - Authorization Bearer / Basic

iRule Header Insert

APM AdAuth HTTP Header Insert iRule Switch Statement

Security headers

ASM irule to disable attack signature authorization header with specific value