verify_json_web_token

Suggest Edits

Version: `v2025-01-13`	Includes use: Yes

Behavior name: JWT verification

This behavior allows you to use JSON Web Tokens (JWT) to verify requests.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "verify_json_web_token" {
  rules_v2025_02_18 {
    name     = "JWT verification"
    comments = "Uses JSON Web Tokens (JWT) to verify requests."
    behavior {
      verify_json_web_token {
        extract_location = "CLIENT_REQUEST_HEADER"
        header_name      = ""
        jwt              = ""
        enable_rs256     = true
        enable_rs256     = true
      }
    }
  }
}

"behaviors": [
  {
    "name": "verifyJsonWebToken",
    "options": {
      "extractLocation": "CLIENT_REQUEST_HEADER",
      "headername": "",
      "jwt": "",
      "enableRS256": true,
      "enableES256": true
    }
  }
]

Options

Option	Description
`extract_location`	Enum Specify from where to extract the JWT value. Value is one of: `CLIENT_REQUEST_HEADER`. The value is in a client request header. `QUERY_STRING`. The value is in the request's query string.
`header_name`	String \| Requires: `extract_location` is `CLIENT_REQUEST_HEADER` This specifies the name of the header from which to extract the JWT value.
`query_parameter_name`	String \| Requires: `extract_location` is `QUERY_STRING` This specifies the name of the query parameter from which to extract the JWT value.
`jwt`	String An identifier for the JWT keys collection.
`enable_rs256`	Boolean Verifies JWTs signed with the RS256 algorithm. This signature helps ensure that the token hasn't been tampered with.
`enable_es256`	Boolean Verifies JWTs signed with the ES256 algorithm. This signature helps ensure that the token hasn't been tampered with.

Updated 5 minutes ago