verifyJsonWebTokenForDcp

  • Property Manager name: JWT
  • Behavior version: The v2024-08-13 rule format supports the verifyJsonWebTokenForDcp behavior v1.0.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: Yes

This behavior allows you to use JSON web tokens (JWT) to verify requests for use in implementing Io​T Edge Connect, which you use the dcp behavior to configure. You can specify the location in a request to pass a JSON web token (JWT), collections of public keys to verify the integrity of this token, and specific claims to extract from it. Use the verify​Json​Web​Token behavior for other JWT validation.

When authenticating to edge servers with both JWT and mutual authentication (using the dcp​Auth​Variable​Extractor behavior), the JWT method is ignored, and you need to authenticate with a client authentication certificate.

OptionTypeDescriptionRequires
extract​Locationenum

Specifies where to get the JWT value from.

{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"],"tag":"select"}
CLIENT_​REQUEST_​HEADER

From the client request header.

QUERY_​STRING

From the query string.

CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING

From both.

primary​Locationenum

Specifies the primary location to extract the JWT value from. If the specified option doesn't include the JWTs, the system checks the secondary one.

extract​Location is CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING"],"tag":"select"}
{"if":{"attribute":"extractLocation","op":"eq","value":"CLIENT_REQUEST_HEADER_AND_QUERY_STRING"}}
CLIENT_​REQUEST_​HEADER

Get the JWT value from the request header.

QUERY_​STRING

Get the JWT value from the query string.

custom​Headerboolean

The JWT value comes from the X-Akamai-DCP-Token header by default. Enabling this option allows you to extract it from another header name that you specify.

extract​Location is either: CLIENT_​REQUEST_​HEADER, CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"extractLocation","op":"in","value":["CLIENT_REQUEST_HEADER","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
header​Namestring

This specifies the name of the header to extract the JWT value from.

custom​Header is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"customHeader","op":"eq","value":true}}
query​Parameter​Namestring

Specifies the name of the query parameter from which to extract the JWT value.

extract​Location is either: QUERY_​STRING, CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractLocation","op":"in","value":["QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
jwtstring

An identifier for the JWT keys collection.

{"displayType":"string","tag":"input","type":"text"}
extract​Client​Idboolean

Allows you to extract the client ID claim name stored in JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
client​Idstring

This specifies the claim name.

extract​Client​Id is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractClientId","op":"eq","value":true}}
extract​Authorizationsboolean

Allows you to extract the authorization groups stored in the JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
authorizationsstring

This specifies the authorization group name.

extract​Authorizations is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractAuthorizations","op":"eq","value":true}}
extract​User​Nameboolean

Allows you to extract the user name stored in the JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
user​Namestring

This specifies the user name.

extract​User​Name is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractUserName","op":"eq","value":true}}
enable​RS256boolean

Verifies JWTs signed with the RS256 algorithm. This signature helps to ensure that the token hasn't been tampered with.

{"displayType":"boolean","tag":"input","type":"checkbox"}
enable​ES256boolean

Verifies JWTs signed with the ES256 algorithm. This signature helps to ensure that the token hasn't been tampered with.

{"displayType":"boolean","tag":"input","type":"checkbox"}