verifyJsonWebTokenForDcp

Property Manager name: JWT
Behavior version: The latest rule format supports the verifyJsonWebTokenForDcp behavior v1.0.
Rule format status: Beta, possible breaking changes
Access: Read/Write
Allowed in includes: Not available for latest rule format

This behavior allows you to use JSON web tokens (JWT) to verify requests for use in implementing IoT Edge Connect, which you use the dcp behavior to configure. You can specify the location in a request to pass a JSON web token (JWT), collections of public keys to verify the integrity of this token, and specific claims to extract from it. Use the verifyJsonWebToken behavior for other JWT validation.

When authenticating to edge servers with both JWT and mutual authentication (using the dcpAuthVariableExtractor behavior), the JWT method is ignored, and you need to authenticate with a client authentication certificate.

Option	Type	Description	Requires
`extractLocation`	enum	Specifies where to get the JWT value from.		{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"],"tag":"select"}
	`CLIENT_REQUEST_HEADER`	From the client request header.
	`QUERY_STRING`	From the query string.
	`CLIENT_REQUEST_HEADER_AND_QUERY_STRING`	From both.
`primaryLocation`	enum	Specifies the primary location to extract the JWT value from. If the specified option doesn't include the JWTs, the system checks the secondary one.	`extractLocation` is `CLIENT_REQUEST_HEADER_AND_QUERY_STRING`	{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING"],"tag":"select"} {"if":{"attribute":"extractLocation","op":"eq","value":"CLIENT_REQUEST_HEADER_AND_QUERY_STRING"}}
	`CLIENT_REQUEST_HEADER`	Get the JWT value from the request header.
	`QUERY_STRING`	Get the JWT value from the query string.
`customHeader`	boolean	The JWT value comes from the `X-Akamai-DCP-Token` header by default. Enabling this option allows you to extract it from another header name that you specify.	`extractLocation` is either: `CLIENT_REQUEST_HEADER`, `CLIENT_REQUEST_HEADER_AND_QUERY_STRING`	{"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"extractLocation","op":"in","value":["CLIENT_REQUEST_HEADER","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
`headerName`	string	This specifies the name of the header to extract the JWT value from.	`customHeader` is `true`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"customHeader","op":"eq","value":true}}
`queryParameterName`	string	Specifies the name of the query parameter from which to extract the JWT value.	`extractLocation` is either: `QUERY_STRING`, `CLIENT_REQUEST_HEADER_AND_QUERY_STRING`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"extractLocation","op":"in","value":["QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
`jwt`	string	An identifier for the JWT keys collection.		{"displayType":"string","tag":"input","type":"text"}
`extractClientId`	boolean	Allows you to extract the client ID claim name stored in JWT.		{"displayType":"boolean","tag":"input","type":"checkbox"}
`clientId`	string	This specifies the claim name.	`extractClientId` is `true`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"extractClientId","op":"eq","value":true}}
`extractAuthorizations`	boolean	Allows you to extract the authorization groups stored in the JWT.		{"displayType":"boolean","tag":"input","type":"checkbox"}
`authorizations`	string	This specifies the authorization group name.	`extractAuthorizations` is `true`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"extractAuthorizations","op":"eq","value":true}}
`extractUserName`	boolean	Allows you to extract the user name stored in the JWT.		{"displayType":"boolean","tag":"input","type":"checkbox"}
`userName`	string	This specifies the user name.	`extractUserName` is `true`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"extractUserName","op":"eq","value":true}}
`enableRS256`	boolean	Verifies JWTs signed with the RS256 algorithm. This signature helps to ensure that the token hasn't been tampered with.		{"displayType":"boolean","tag":"input","type":"checkbox"}
`enableES256`	boolean	Verifies JWTs signed with the ES256 algorithm. This signature helps to ensure that the token hasn't been tampered with.		{"displayType":"boolean","tag":"input","type":"checkbox"}