VerifyJwtTokenValve
Warning
This valve is usually used with the legacy OIDC authenticators. If that is the case, it is recommended to plan a migration of the authenticator to the new protocol-agnostic authenticator architecture, where this valve is no longer needed because its function is built in. More information about the legacy authenticators can be found here.
Note
This valve verifies received JWT tokens. It allows each received token to be used only once, in order to prevent replay attacks.
Properties
Name | Description | Default value | Mandatory | Supports property expansion |
---|---|---|---|---|
source | The parameter where the JWT token is stored | | Yes | Yes |
keystore | The keystore to verify the JWT against | | Yes | No |
dest_id | Name of the resulting item to update or create | | Yes | No |
attributes | An array of JWT attributes to copy from the JWT to the resulting item | | Yes | No |
Example Configuration
{
    "name": "JWTTokenParserValve",
    "config": {
        "source": "jwt_token_data",
        "keystore": "my_keystore",
        "dest_id": "new_jwt_item",
        "attributes": [
            "sub",
            "name"
        ]
    }
}
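The verify-once behaviour described in the note, combined with the attribute copy from the example configuration, as an added Python example (it is not the valve's own code, and this page does not say how the valve tracks used tokens). Assumptions: HS256 with a shared secret stands in for the keystore, the `exp` claim is required so the replay cache can be pruned, and `SingleUseJwtVerifier` and `make_token` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret):
    """Build a constructed HS256 token to use as sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

class SingleUseJwtVerifier:
    """Hypothetical stand-in for the valve: verify, reject reuse, copy attributes."""
    def __init__(self, secret, attributes):
        self.secret = secret          # assumption: shared secret instead of a keystore
        self.attributes = attributes  # same role as "attributes" in the valve config
        self.seen = {}                # digest of signed input -> token expiry

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        try:
            head, body, sig = token.split(".")
            header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
            sig = b64url_decode(sig)
            if not (isinstance(header, dict) and isinstance(claims, dict)):
                raise ValueError
        except ValueError as exc:
            raise ValueError("malformed token") from exc
        if header.get("alg") != "HS256":  # pin the algorithm, never follow the header
            raise ValueError("unexpected alg")
        signed = f"{head}.{body}".encode()
        if not hmac.compare_digest(sig, hmac.new(self.secret, signed, hashlib.sha256).digest()):
            raise ValueError("bad signature")
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= now:
            raise ValueError("expired or missing exp")
        # Forget entries whose token has expired anyway, so the cache stays bounded.
        self.seen = {d: e for d, e in self.seen.items() if e > now}
        # Key on the signed input, not the raw string: base64url has several
        # spellings of one signature, so a raw-string key could be sidestepped.
        digest = hashlib.sha256(signed).hexdigest()
        if digest in self.seen:
            raise ValueError("token replayed")
        self.seen[digest] = exp
        return {k: claims[k] for k in self.attributes if k in claims}
```

The replay cache here lives in one process's memory; a clustered deployment would need a shared store for the same guarantee.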