VerifyJwtTokenValve

Warning

This valve is usually used with the legacy OIDC authenticators. If that is the case, it is recommended to plan for migrating the authenticator to the new protocol-agnostic authenticator architecture, where this valve is no longer needed because its functionality is already built in. More information about the legacy authenticators can be found here.

Note

This valve verifies received JWT tokens. It allows each received token to be used only once, in order to prevent replay attacks.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|------|-------------|---------------|-----------|-----------------------------|
| source | The parameter where the JWT token is stored | | Yes | Yes |
| keystore | The keystore to verify the JWT against | | Yes | No |
| dest_id | Name of the resulting item to update or create | | Yes | No |
| attributes | An array of JWT attributes to copy from the JWT to the resulting item | | Yes | No |

Example Configuration

{
  "name": "JWTTokenParserValve",
  "config": {
    "source": "jwt_token_data",
    "keystore": "my_keystore",
    "dest_id": "new_jwt_item",
    "attributes": [
      "sub",
      "name"
    ]
  }
}
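
The behaviour described in the Note (verify, then accept each token only once) and the `attributes` copy from the configuration above, sketched as an added Python example; it is not the valve's own implementation. Assumptions: HS256 with a shared key stands in for the keystore lookup, the replay cache is an in-memory dict, and all function and class names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 sample token (demo input only)."""
    parts = [b64url_encode(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

class SingleUseJwtVerifier:
    def __init__(self, key, attributes):
        self.key = key                # stand-in for the configured keystore
        self.attributes = attributes  # claims to copy, as in "attributes"
        self.seen = {}                # digest of signed portion -> exp

    def verify(self, token, now):
        try:
            header_b64, body_b64, sig_b64 = token.split(".")
            header = json.loads(b64url_decode(header_b64))
            claims = json.loads(b64url_decode(body_b64))
            sig = b64url_decode(sig_b64)
        except ValueError as exc:
            raise ValueError("malformed token") from exc
        # Pin the algorithm; never let the token choose it (rejects "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        signing_input = (header_b64 + "." + body_b64).encode()
        expected = hmac.new(self.key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")
        exp = claims.get("exp") if isinstance(claims, dict) else None
        if not isinstance(exp, (int, float)) or exp <= now:
            raise ValueError("expired or missing exp")
        # Entries can be dropped once expired: the exp check rejects them anyway.
        self.seen = {d: e for d, e in self.seen.items() if e > now}
        # Key on the signed portion, not the whole string: lenient base64
        # decoding lets the signature segment be re-encoded without breaking it.
        digest = hashlib.sha256(signing_input).hexdigest()
        if digest in self.seen:
            raise ValueError("token already used")
        self.seen[digest] = exp
        return {a: claims[a] for a in self.attributes if a in claims}
```

Requiring `exp` is what keeps the replay cache bounded: a token with no expiry would have to be remembered forever.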