Page History
Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The JWT Policy helps you to validate JSON Web Tokens (JWT) by providing a signing key or a JSON Web Key Set (JWK(S)). You can also require claims and strip them to forward them as header to the backend API.
Configuration Options
Basic Configuration
Option | Description | Possible Values | Default | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Signing Key or URL to a JWK(S) | Specify a Base-64 encoded signing key or a URL to a JWK(S) to validate JWT.
|
| FQDN path automatically set for your PAS installation | ||||||||
Key ID (kid) of JWK(S) | Specify the key id of the JWK(S) in this field if you provided a JWK(S) URL. | a valid string | - |
Required Claims
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
Option | Description | Possible Values | Default | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Claim | Specify a list of required claims. If a required claim is not present, access will be rejected. | a string | - | ||||||||
Value | Determines the content of the claim. | a string | - | ||||||||
|
Forward Claim Information
Fields from the JWT can be set as headers and forwarded to the API.
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
Option | Description | Possible Values | Default | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Field | Specify a list of fields from the JWT to be forwarded to the API as a header. | a string | - | ||||||||
Header | Holds the value of the Field. | a string | - | ||||||||
|
Advanced Configuration
Option | Description | Possible Values | Default | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Require Signed JWT (JWS) | Specify whether JWTs must be cryptographically signed and verified (JWS).
|
| enabled | ||||||||
Strip Tokens | Enable if the Authorization header or token query parameter should be removed before forwarding traffic to the API. |
| disabled | ||||||||
Maximum Clock Skew | Specify the maximum allowed clock skew in seconds when validating exp (expiry) and nbf (not before) claims. 0 implies default behavior. | a valid integer | 0 |
Panel | ||
---|---|---|
| ||
|
Panel | ||
---|---|---|
|
Otp | ||
---|---|---|
|