With this behavior enabled, you can use JSON Web Tokens (JWTs) to verify requests when implementing IoT Edge Connect, which you configure using the IoT Edge Connect behavior.

How it works

You can specify where in a request the JSON Web Token (JWT) is passed, the collections of public keys used to verify the integrity of the token, and the specific claims to extract from it. For other JWT validation, use the JWT Verification behavior.

When authenticating to edge servers with both the JWT and Mutual Authentication behaviors, the JWT method is ignored, and you need to authenticate with a client authentication certificate.

Features and options

Field

What it does

Sub-options

JWT Location

The location in requests from which to extract JWTs.

  • Client Header Name
  • Query String Parameter
  • Request header or query string parameter

JWT primary location

With JWT Location set to Request header or query string parameter, specifies the primary location to extract the JWT value from. If the specified location doesn’t contain a JWT, the system checks the secondary one.

  • Request header
  • Query string parameter

Use Custom Header

The JWT value comes from the X-Akamai-DCP-Token header by default.

With JWT Location set to Client Header Name or Request header or query string parameter, you can extract it from another header name that you specify.

  • Yes
  • No

Header name

With Use Custom Header enabled, this specifies the name of the header to extract the JWT value from.

Query parameter name

With JWT Location set to Query String Parameter or Request header or query string parameter, this specifies the name of the query parameter from which to extract the JWT value.

JWT key collection

An identifier for the JWT keys collection.

Extract client ID

When enabled, you can extract the client ID claim stored in the JWT.

  • Yes
  • No

Client ID claim

With Extract client ID enabled, this specifies the claim name.

Extract authorization groups

When enabled, you can extract the authorization groups stored in the JWT.

  • Yes
  • No

Authorization groups claim

With Extract authorization groups enabled, this specifies the authorization group name.

Extract username

When enabled, you can extract the user name stored in the JWT.

  • Yes
  • No

Username claim

With Extract username enabled, this specifies the user name.

Allow RS256

Verifies JWTs signed with the RS256 algorithm. This signature helps to ensure that the token hasn’t been tampered with.

  • Yes
  • No

Allow ES256

Verifies JWTs signed with the ES256 algorithm. This signature helps to ensure that the token hasn’t been tampered with.

  • Yes
  • No
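
The following is an added illustration, not Akamai's code, of the lookup order and algorithm allow-list that the options above describe. The location labels, the query parameter name `token`, and both function names are assumptions. It stops before signature verification against the JWT key collection, which must succeed before any extracted claim is trusted.

```python
import base64
import json

DEFAULT_HEADER = "X-Akamai-DCP-Token"  # default header named on this page


def locate_jwt(headers, query, location, primary="header",
               header_name=DEFAULT_HEADER, query_param="token"):
    """Pick the token per JWT Location; return (token, source) or (None, None).

    location: "header" | "query" | "either" (hypothetical labels for the three
    JWT Location options). query_param="token" is an assumed name.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    candidates = {"header": hdrs.get(header_name.lower()),
                  "query": query.get(query_param)}
    if location == "either":
        # Primary location first, then the secondary one as fallback.
        order = [primary, "query" if primary == "header" else "header"]
    else:
        order = [location]
    for source in order:
        if candidates[source]:
            return candidates[source], source
    return None, None


def precheck(token, allow_rs256=True, allow_es256=True):
    """Reject malformed tokens and disallowed algorithms before signature checks."""
    allowed = {name for name, on in (("RS256", allow_rs256),
                                     ("ES256", allow_es256)) if on}
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return False, "malformed"
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        alg = json.loads(base64.urlsafe_b64decode(padded)).get("alg")
    except (ValueError, AttributeError):
        return False, "malformed"
    if not isinstance(alg, str) or alg not in allowed:
        return False, f"alg {alg!r} not allowed"
    return True, alg
```

Because the allow-list contains only RS256 and ES256, a token whose header declares `none` or `HS256` is rejected before any key from the collection is consulted.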
