Configure the JWT verification behavior

JSON web token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting JSON-encoded information between parties. Use this behavior to quickly identify and authorize consumers who send requests to your origin server. You can specify the HTTP header in client requests where a JWT is passed and the collection of public keys used to verify the integrity of that token.

How to

  1. Access Property Manager configurations associated with the selected Control Center account. From the main menu, go to CDN > Properties (or just enter Properties in the search box).
    The Property Groups page opens.
  2. Click the Property Name link for your property.
  3. On the Property Details page, click the Version of your configuration that you want to access in Manage Versions and Activations.
  4. On the Property Manager Editor page, select Default Rule in Property Configuration Settings.
  5. In Behaviors, add the JWT Verification behavior.
    You can add one JWT verification behavior in an OTA Updates property.
  6. Select JWT location from the dropdown:
    • Select Request header to extract JWTs from a custom request header.
    • Select Query string parameter to extract JWTs from a custom query string parameter.
  7. In JWT key collection, select the name of the active key collection to verify a token’s signature. If you don't have a key collection, see Create a JWT key collection.
    When selecting a key collection, pay attention to the following:
    • The key collection needs to be active in the environment where you're activating your property. For example, if you're activating the property on staging, the key collection needs to be already active in the staging environment.
    • The key collection needs to store public keys that match the type of algorithm you use to sign JWTs. For example, if you allow authentication with tokens signed with the RS256 algorithm, the JWT key collection needs to store RSA public keys.
      Tip: You can check if a key collection is active in either environment and the type of public keys it stores next to this key collection name in the JWT key collection dropdown.
  8. Specify one or more signing algorithms that the behavior accepts for your JWTs:
    • Set Allow RS256 to Yes to allow authentication with tokens signed with the RS256 algorithm.
    • Set Allow ES256 to Yes to allow authentication with tokens signed with the ES256 algorithm.
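To make the three settings the steps above configure concrete, here is an added example in Go; it is not Akamai's code and not how the edge implements the behavior. It models the JWT location (a request header or a query string parameter), a key collection of public keys looked up by the token's kid header (the lookup-by-kid rule is an assumption of this example), and the Allow RS256 / Allow ES256 switches, including the rule from step 7 that the stored key type must match the algorithm. The Sign function stands in for the token issuer so the example runs offline; the header name, kid values and claims are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"net/http"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are base64url without padding
// KeyCollection stands in for the key collection: public keys looked up by the token's "kid" (assumed layout).
type KeyCollection map[string]crypto.PublicKey
// Policy mirrors the behavior's settings: the JWT location and the allowed signing algorithms.
type Policy struct {
	HeaderName string          // extract from this request header, or ...
	QueryParam string          // ... from this query string parameter when HeaderName is empty
	Allow      map[string]bool // e.g. {"RS256": true, "ES256": false}
}

// ExtractToken returns the raw JWT from the configured location, or "" if absent.
func ExtractToken(p Policy, r *http.Request) string {
	if p.HeaderName != "" {
		return r.Header.Get(p.HeaderName)
	}
	return r.URL.Query().Get(p.QueryParam) // query-string tokens also land in access logs and referrers
}

// Verify checks the signature against the collection and returns the claims; the header's "alg" is honoured only if the policy allows it, so a client cannot pick "none" or a disabled algorithm.
func Verify(p Policy, keys KeyCollection, token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	var seg [3][]byte
	for i, s := range parts {
		b, err := b64.DecodeString(s)
		if err != nil {
			return nil, errors.New("segment is not base64url")
		}
		seg[i] = b
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(seg[0], &hdr); err != nil {
		return nil, err
	}
	if !p.Allow[hdr.Alg] {
		return nil, errors.New("algorithm not allowed by policy: " + hdr.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // the JWS signing input
	key, sig := keys[hdr.Kid], seg[2]                           // a missing kid fails the type assertion below
	switch hdr.Alg { // the stored key type must match the algorithm, as the key-collection note requires
	case "RS256":
		pub, ok := key.(*rsa.PublicKey)
		if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
			return nil, errors.New("RS256: no matching RSA key or invalid signature")
		}
	case "ES256": // signature is r||s, 32 bytes each, over P-256
		pub, ok := key.(*ecdsa.PublicKey)
		if !ok || pub.Curve != elliptic.P256() || len(sig) != 64 ||
			!ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
			return nil, errors.New("ES256: no matching P-256 key or invalid signature")
		}
	default:
		return nil, errors.New("unsupported algorithm: " + hdr.Alg)
	}
	claims := map[string]any{}
	return claims, json.Unmarshal(seg[1], &claims)
}

// Sign plays the token issuer so the example runs offline; it is not part of the edge behavior.
func Sign(alg, kid string, priv crypto.PrivateKey, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "kid": kid, "typ": "JWT"})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	var sig []byte
	var err error
	switch k := priv.(type) {
	case *rsa.PrivateKey:
		sig, err = rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest[:])
	case *ecdsa.PrivateKey:
		var r, s *big.Int
		if r, s, err = ecdsa.Sign(rand.Reader, k, digest[:]); err == nil {
			sig = append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
		}
	default:
		err = errors.New("unsupported private key type")
	}
	return input + "." + b64.EncodeToString(sig), err // caller must check err; the token is unusable if it is set
}
```

The allow-list is consulted before any key is looked up, so a token whose header claims alg=none, or an algorithm you left at No, is rejected without touching the collection. The key type check in each case is the code form of the note in step 7: with Allow RS256 set to Yes the collection must hold an RSA public key under the token's kid, and with Allow ES256 a P-256 key, otherwise verification fails even for a correctly signed token.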