ParseJwt

Parses a JSON Web Token, JWT and verifies the signature. Claims is put on the current item.

Configuration

Valve name: ParseJwt

Name Description Default value Mandatory Expanded

Name	Description	Default value
`jwt_src`	Source of the JWT.	`"{{request.access_token}}"`
`verify_token`	If the signature should be verified.	`true`
`internal_http_destination`	HTTP module reference. Mandatory if `jwks_endpoint` is used to fetch public key.	N/A
`jwks_endpoint`	JWKS endpoint.	N/A
`keystore`	Keystore reference or json object containing keystore configuration. Used to verify JWT signature.	N/A
`keystore_alias`	Keystore alias.	N/A
`sign_algorithm`	Algorithm used when signature was created.	`"RS256"`

jwt_src

Source of the JWT.

"{{request.access_token}}"

verify_token

If the signature should be verified.

true

internal_http_destination

HTTP module reference. Mandatory if jwks_endpoint is used to fetch public key.

N/A

jwks_endpoint

JWKS endpoint.

N/A

keystore

Keystore reference or json object containing keystore configuration. Used to verify JWT signature.

N/A

keystore_alias

Keystore alias.

N/A

sign_algorithm

Algorithm used when signature was created.

"RS256"

Example with local keystore for signature validation:
{
    "name": "ParseJwt",
    "config": {
        "jwt_src": "{{{session.access_token}}}",
        "keystore": {
             "path": "/fortified_test/config/keystore.p12",
             "password": "secret",
             "type": "PKCS12"
        },
        "keystore_alias" : "jwt"
    }
}

Example with jwks_endpoint to fetch key for signature validation:
{
    "name": "ParseJwt",
    "config": {
        "jwt_src": "{{{session.access_token}}}",
        "internal_http_destination": "http_client_1",
        "jwks_endpoint": "http://192.168.50.228:8080/oidc/tenant1/.well-known/openid-configuration/jwks"
    }
}

PreviousCreateJwt NextLDAP