Let's say I have a project that has 8 pods (services). I understand that authentication and authorization are covered in the Istio Gateway using JWT, so that every request is verified. But users with different roles, e.g. [teacher, student, staff], need to have an endpoint to signup/signin/logout with username and password. Is there a way that the Istio Gateway handles user creation, saving it to the DB and generating the JWT? Or do I have to make another pod (service) dedicated to auth and generate the JWT from this pod? If so, how can I still set up JWT verification right from the gateway?
Thank you for taking time and reading this)
No, to do this, you need to create an Authentication micro-service (application) that generates the token.
Istio takes care of the task of validating the JWT tokens in the incoming user requests. So if you implement the Istio JWT authentication feature, your application code doesn't need to bother about JWT token validation. Istio will do it for you. That does not include JWT token generation: Istio will not generate the tokens for you. This should be done by the Authentication micro-service. Istio will check if the JWT is valid or not.
Here you can find a step-by-step guide on how Istio and JWT for Micro-Services Authentication works. There you will also find many JWT-based authorization schemes.
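A gateway-side configuration for the split described in the answer, as an added example that is not part of the original answer or of the Istio project's documentation. The auth Service name `auth`, its namespace and port, the issuer string, the JWKS path, and the `/auth/*` and `/teachers/*` routes are assumptions; the `role` claim is assumed to be set by the auth service when it signs the token.

```yaml
# Validate JWTs at the ingress gateway against the auth service's public keys.
# On older Istio releases use security.istio.io/v1beta1 instead of v1.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: gateway-jwt
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway          # label of the default ingress gateway
  jwtRules:
  - issuer: "auth.example.internal"  # assumed; must equal the "iss" claim in issued tokens
    jwksUri: "http://auth.default.svc.cluster.local:8080/.well-known/jwks.json"  # assumed
    forwardOriginalToken: true       # keep the Authorization header for backend pods
---
# RequestAuthentication alone rejects invalid tokens but lets token-less requests
# through, so a DENY policy is needed to make the token mandatory.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: gateway-jwt-policy
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  action: DENY
  rules:
  # Rule 1: no valid token -> denied, except on the routes that hand out tokens.
  - from:
    - source:
        notRequestPrincipals: ["*"]
    to:
    - operation:
        notPaths: ["/auth/signup", "/auth/signin"]
  # Rule 2: /teachers/* is denied unless the token's "role" claim is "teacher".
  - to:
    - operation:
        paths: ["/teachers/*"]
    when:
    - key: request.auth.claims[role]
      notValues: ["teacher"]
```

Logout is left behind the token check here because it acts on an already authenticated session; the signing key itself stays in the auth service, and only the public JWKS is exposed to Istio.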