OTTokenVerifierValve

Note

Verifies a JWT token issued by PhenixID One Touch. Note that module "phenix-replay-cache" must be deployed to ensure replay protection.

Tokens are accepted only if they were issued by an active profile of the OneTouch provisioning version currently set in the PKI module: if "v2" is set, only OneID tokens are accepted, and if the other version is set, only One Touch tokens are accepted. If allowOTCompatibilityMode is set to true, tokens of both versions are accepted. Read more about OneID/One Touch versions and the compatibility mode in the article OneID.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|------|-------------|---------------|-----------|-----------------------------|

Example Configuration

{
  "name": "OTTokenVerifierValve",
  "enabled": "true",
  "config": {
  }
}

Requirements

  • The incoming request must contain the parameter access_token.
  • Module phenix-replay-cache must be deployed to ensure replay protection.

General information

On successful validation, two item properties are created:

  • subject - the value of the sub claim from the JWT payload. Typically the username used when activating PhenixID One Touch.
  • token_issuer - the value of the iss claim from the JWT payload. Typically the name of the issuing PhenixID One Touch service.

If no item is present at execution time, a new item is created with an id identical to the sub claim of the JWT.
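The following is an added illustration of the contract described in the Requirements and General information sections above; it is not PhenixID code and does not use the PhenixID API. It models a request carrying access_token, verifies the JWT, rejects a token presented a second time (the job phenix-replay-cache does in a real deployment), and then sets the subject and token_issuer properties, creating the item keyed on sub when none exists. The signing algorithm (HS256 with a shared demo key), the exp and jti claims, the in-memory ReplayCache class and the make_token helper are assumptions made for the demonstration; the real One Touch token format and key material are not shown on this page.

```python
"""Illustration of the checks OTTokenVerifierValve performs on access_token.

Added example, not PhenixID code. HS256 with a shared key, the exp/jti claims,
the in-memory ReplayCache and make_token are assumptions for the demo; the
real valve relies on the deployed phenix-replay-cache module and PhenixID's
own key material.
"""
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(text):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class ReplayCache:
    """Remembers jti values until the token expires (stand-in for phenix-replay-cache)."""

    def __init__(self):
        self._seen = {}  # jti -> exp

    def check_and_store(self, jti, exp, now):
        # Drop entries whose token could no longer validate anyway, keeping the cache bounded.
        self._seen = {k: e for k, e in self._seen.items() if e > now}
        if jti in self._seen:
            return False
        self._seen[jti] = exp
        return True


def verify_token(token, key, cache, now=None):
    """Return the item properties the valve would set, or raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm; never let the token choose it (blocks alg=none downgrades).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    # Replay protection: the same jti is accepted once per lifetime of the token.
    if "jti" not in payload or not cache.check_and_store(payload["jti"], payload["exp"], now):
        raise ValueError("token replayed or missing jti")
    return {"subject": payload["sub"], "token_issuer": payload["iss"]}


def process_request(params, item, key, cache):
    """Mirror the valve's contract: require access_token, then populate (or create) the item."""
    token = params.get("access_token")
    if token is None:
        raise ValueError("missing access_token parameter")
    props = verify_token(token, key, cache)
    if item is None:
        item = {"id": props["subject"]}  # new item keyed on the sub claim, as documented
    item.update(props)
    return item


def make_token(payload, key):
    """Mint a test token; a constructed stand-in for what One Touch would issue."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    key = b"constructed-demo-key"
    cache = ReplayCache()
    tok = make_token({"sub": "alice", "iss": "onetouch-demo", "exp": 4102444800, "jti": "t-1"}, key)
    print(process_request({"access_token": tok}, None, key, cache))
    try:
        process_request({"access_token": tok}, None, key, cache)
    except ValueError as err:
        print("second presentation rejected:", err)
```

The second call with the same token fails only because the cache remembers the jti; without a replay cache, a captured access_token would remain valid until exp, which is why the page insists on phenix-replay-cache being deployed.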