GuideReference
TrainingSupportCommunity

verify_​json_​web_​token_​for_​dcp

  • Property Manager name: JWT
  • Behavior version: The v2023-09-20 rule format supports the verify_​json_​web_​token_​for_​dcp behavior v1.0.
  • Rule format status: GA, stable
  • Access: Read-write
  • Allowed in includes: Yes

This behavior allows you to use JSON web tokens (JWT) to verify requests for use in implementing Io​T Edge Connect, which you use the dcp behavior to configure. You can specify the location in a request to pass a JSON web token (JWT), collections of public keys to verify the integrity of this token, and specific claims to extract from it. Use the verify​_json​_web​_token behavior for other JWT validation.

When authenticating to edge servers with both JWT and mutual authentication (using the dcp​_auth​_variable​_extractor behavior), the JWT method is ignored, and you need to authenticate with a client authentication certificate.

OptionTypeDescriptionRequires
extract_​locationenum

Specifies where to get the JWT value from.

{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"],"tag":"select"}
CLIENT_​REQUEST_​HEADER

From the client request header.

QUERY_​STRING

From the query string.

CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING

From both.

primary_​locationenum

Specifies the primary location to extract the JWT value from. If the specified option doesn't include the JWTs, the system checks the secondary one.

extract_​location is CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING"],"tag":"select"}
{"if":{"attribute":"extractLocation","op":"eq","value":"CLIENT_REQUEST_HEADER_AND_QUERY_STRING"}}
CLIENT_​REQUEST_​HEADER

Get the JWT value from the request header.

QUERY_​STRING

Get the JWT value from the query string.

custom_​headerboolean

The JWT value comes from the X-Akamai-DCP-Token header by default. Enabling this option allows you to extract it from another header name that you specify.

extract_​location is either: CLIENT_​REQUEST_​HEADER, CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"extractLocation","op":"in","value":["CLIENT_REQUEST_HEADER","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
header_​namestring

This specifies the name of the header to extract the JWT value from.

custom_​header is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"customHeader","op":"eq","value":true}}
query_​parameter_​namestring

Specifies the name of the query parameter from which to extract the JWT value.

extract_​location is either: QUERY_​STRING, CLIENT_​REQUEST_​HEADER_​AND_​QUERY_​STRING
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractLocation","op":"in","value":["QUERY_STRING","CLIENT_REQUEST_HEADER_AND_QUERY_STRING"]}}
jwtstring

An identifier for the JWT keys collection.

{"displayType":"string","tag":"input","type":"text"}
extract_​client_​idboolean

Allows you to extract the client ID claim name stored in JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
client_​idstring

This specifies the claim name.

extract_​client_​id is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractClientId","op":"eq","value":true}}
extract_​authorizationsboolean

Allows you to extract the authorization groups stored in the JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
authorizationsstring

This specifies the authorization group name.

extract_​authorizations is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractAuthorizations","op":"eq","value":true}}
extract_​user_​nameboolean

Allows you to extract the user name stored in the JWT.

{"displayType":"boolean","tag":"input","type":"checkbox"}
user_​namestring

This specifies the user name.

extract_​user_​name is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"extractUserName","op":"eq","value":true}}
enable_​rs256boolean

Verifies JWTs signed with the RS256 algorithm. This signature helps to ensure that the token hasn't been tampered with.

{"displayType":"boolean","tag":"input","type":"checkbox"}
enable_​es256boolean

Verifies JWTs signed with the ES256 algorithm. This signature helps to ensure that the token hasn't been tampered with.

{"displayType":"boolean","tag":"input","type":"checkbox"}