- Property Manager name: JWT verification
- Behavior version: The
v2023-01-05rule format supports theverify_json_web_tokenbehavior v1.1. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
This behavior allows you to use JSON Web Tokens (JWT) to verify requests.
| Option | Type | Description | Requires | |
|---|---|---|---|---|
extract_location | enum | Specify from where to extract the JWT value. | {"displayType":"enum","options":["CLIENT_REQUEST_HEADER","QUERY_STRING"],"tag":"select"} | |
CLIENT_REQUEST_HEADER | The value is in a client request header. | |||
QUERY_STRING | The value is in the request's query string. | |||
header_name | string | This specifies the name of the header from which to extract the JWT value. | extract_location is CLIENT_REQUEST_HEADER | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"extractLocation","op":"eq","value":"CLIENT_REQUEST_HEADER"}} |
query_parameter_name | string | This specifies the name of the query parameter from which to extract the JWT value. | extract_location is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"extractLocation","op":"eq","value":"QUERY_STRING"}} |
jwt | string | An identifier for the JWT keys collection. | {"displayType":"string","tag":"input","type":"text"} | |
enable_rs256 | boolean | Verifies JWTs signed with the RS256 algorithm. This signature helps ensure that the token hasn't been tampered with. | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
enable_es256 | boolean | Verifies JWTs signed with the ES256 algorithm. This signature helps ensure that the token hasn't been tampered with. | {"displayType":"boolean","tag":"input","type":"checkbox"} |