JWT verification

With this behavior enabled, you can use JSON Web Tokens (JWT) to verify requests.

How it works

You need to specify where to extract the JWT value, either from the client request header, or from the request’s query string. If you extract the value from the header, you must specify the name of the header that contains the JWT value. If you extract the value from the query string, you must specify the name of the query parameter that contains the JWT value. Additionally, you can specify an identifier for the JWT keys collection.

Features and options

Field

What it does

Sub-options

JWT location

The location in requests where you want to extract JWTs from.

**

  • Request header
  • Query string parameter
**

Header name

With JWT location set to Request header, enter the name of the header in requests where you want to extract JWTs from.

Query parameter name

With JWT location set to Query string parameter, enter the name of the query string parameter in requests where you want to extract JWTs from.

JWT key collection

The name of a key collection created in the Token Access Control application. Public keys in this collection verify the integrity of the JWTs extracted from requests.

Allow RS256

Verify JWTs signed with the RS256 algorithm. This signature helps ensure that the token hasn’t been tampered with.

**

  • Yes
  • No
**

Allow ES256

Verify JWTs signed with the ES256 algorithm. This signature helps ensure that the token hasn’t been tampered with.

**

  • Yes
  • No
**

Did this page help you?