NATS
Auth-Callout
OIDC Demo
Connecting audit listener...
Client
browser / cli
1
CONNECT + token
6
permissions enforced
NATS Server
tls:4222 wss:8443
2
$SYS.REQ.USER.AUTH
5
signed UserClaims
Auth Service
auth-callout
3
JWKS verify
4
claims + scopes
PingOne
OIDC provider
Scenarios
1
Admin
nats:admin
2
Publisher
nats:publish
3
Subscriber
nats:subscribe
4
Invalid Token
bad jwt
5
No Token
none
Message Flow
Auth Audit Trail (live)
Log