JWT verification

With this behavior enabled, you can use JSON Web Tokens (JWT) to verify requests.

How it works

You need to specify where to extract the JWT value, either from the client request header, or from the request’s query string. If you extract the value from the header, you must specify the name of the header that contains the JWT value. If you extract the value from the query string, you must specify the name of the query parameter that contains the JWT value. Additionally, you can specify an identifier for the JWT keys collection.

Features and options

| Field | What it does | Sub-options |
|---|---|---|
| JWT location | The location in requests where you want to extract JWTs from. | • Request header • Query string parameter |
| Header name | With JWT location set to Request header, enter the name of the header in requests where you want to extract JWTs from. | |
| Query parameter name | With JWT location set to Query string parameter, enter the name of the query string parameter in requests where you want to extract JWTs from. | |
| JWT key collection | The name of a key collection created in the Token Access Control application. Public keys in this collection verify the integrity of the JWTs extracted from requests. | |
| Allow RS256 | Verify JWTs signed with the RS256 algorithm. This signature helps ensure that the token hasn’t been tampered with. | • Yes • No |
| Allow ES256 | Verify JWTs signed with the ES256 algorithm. This signature helps ensure that the token hasn’t been tampered with. | • Yes • No |
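
The following Python sketch is an added example, not the product's own code: it shows how the location and algorithm fields above combine, by extracting the token from the configured place and refusing any `alg` the settings do not allow. The header name `X-JWT`, the query parameter name `jwt` and all function names are assumptions. Signature verification against the key collection is not shown.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Assumed settings, named after the fields in the table above.
CONFIG = {"location": "header", "header_name": "X-JWT",
          "query_parameter_name": "jwt", "allow_rs256": True, "allow_es256": False}

class TokenRejected(Exception):
    """Raised when a request must be refused before signature verification."""

def b64url(data):
    """Encode bytes as unpadded base64url (used to build the sample token)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def extract_token(url, headers, config):
    """Return the single JWT found at the configured location."""
    if config["location"] == "header":
        wanted = config["header_name"].lower()  # header names are case-insensitive
        values = [v for k, v in headers.items() if k.lower() == wanted]
    else:
        values = parse_qs(urlsplit(url).query).get(config["query_parameter_name"], [])
    if len(values) != 1 or not values[0]:
        raise TokenRejected("expected exactly one token at the configured location")
    return values[0]

def check_algorithm(token, config):
    """Return the token's alg if the configuration allows it, else raise."""
    allowed = {name for name, flag in (("RS256", "allow_rs256"), ("ES256", "allow_es256"))
               if config[flag]}
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part compact JWT")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("malformed JWT header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in allowed:
        raise TokenRejected(f"algorithm {alg!r} is not allowed")
    return alg  # the signature must still be verified against the key collection

def sample_token(alg):
    """Constructed, unsigned sample: real tokens carry a real signature."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    return f"{header}.{b64url(b'{}')}.{b64url(b'constructed-signature')}"

if __name__ == "__main__":
    token = extract_token("/api", {"x-jwt": sample_token("RS256")}, CONFIG)
    print(check_algorithm(token, CONFIG))
```

With both Allow options set to No, the allowed set is empty and every token is rejected, including ones whose header claims `none` or `HS256`.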