The JWT Policy helps you to validate JSON Web Tokens (JWT) by providing a signing key or a JSON Web Key Set (JWK(S)). You can also require claims and strip them to forward them as header to the backend API.
Option | Description | Possible Values | Default |
---|---|---|---|
Signing Key or URL to a JWK(S) | Specify a Base-64 encoded signing key or a URL to a JWK(S) to validate JWT. |
| FQDN path automatically set for your PAS installation |
Key ID (kid) of JWK(S) | Specify the key id of the JWK(S) in this field if you provided a JWK(S) URL. | a valid string | - |
Option | Description | Possible Values | Default |
---|---|---|---|
Claim | Specify a list of required claims. If a required claim is not present, access will be rejected. | a string | - |
Value | Determines the content of the claim. | a string | - |
Fields from the JWT can be set as headers and forwarded to the API.
Option | Description | Possible Values | Default |
---|---|---|---|
Field | Specify a list of fields from the JWT to be forwarded to the API as a header. | a string | - |
Header | Holds the value of the Field. | a string | - |
Option | Description | Possible Values | Default |
---|---|---|---|
Require Signed JWT (JWS) | Specify whether JWTs must be cryptographically signed and verified (JWS). |
| enabled |
Strip Tokens | Enable if the Authorization header or token query parameter should be removed before forwarding traffic to the API. |
| disabled |
Maximum Clock Skew | Specify the maximum allowed clock skew in seconds when validating exp (expiry) and nbf (not before) claims. 0 implies default behavior. | a valid integer | 0 |