Configure the JWT verification behavior
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting JSON-encoded information between parties. Use this behavior to quickly identify and authorize consumers who send requests to your origin server. You can specify the HTTP header in client requests where a JWT is passed and the collection of public keys used to verify the integrity of that token.
Access Property Manager
configurations associated with the selected Control Center account. Go to
(or just enter Properties in the
The Property Groups page opens.
- Click the Property Name link for your property.
- On the Property Details page, click the Version of your configuration that you want to access in Manage Versions and Activations.
- On the Property Manager Editor page, select Default Rule in Property Configuration Settings.
In Behaviors, add the JWT
You can add one JWT verification behavior in an OTA Updates property.
Select JWT location from
- Select Request header to extract JWTs from a custom request header.
- Select Query string parameter to extract JWTs from a custom query string parameter.
In JWT key collection, select the name of the active key collection to verify a token’s signature. If you don't have a key collection, see Create a JWT key collection.
When selecting a key collection, pay attention to the following:
- The key collection needs to be active in the environment where you're activating your property. For example, if you're activating the property on staging, the key collection needs to be already active in the staging environment.
- The key collection needs to store public keys that match the type of algorithm you use to sign JWTs. For example, if you allow authentication with tokens signed with the RS256 algorithm, the JWT collection needs to store RSA public keys.
Tip: You can check if a key collection is active in either environment and the type of public keys it stores next to this key collection name in the JWT key collection dropdown.
Specify one or more algorithms that you want to use to sign your JWTs (see Signing algorithms):
- Set Allow RS256 to Yes to allow authentication with tokens signed with the RS256 algorithm.
- Set Allow ES256 to Yes to allow authentication with tokens signed with the ES256 algorithm.
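The key-type requirement and the allowed-algorithm switches described above can be checked against a token's header as in the following Python sketch. It is an added example, not code from this product; the function names, the `RSA`/`EC` key-type labels and the sample tokens are assumptions constructed for illustration, and the signature itself is not verified here.

```python
import base64
import json

# Assumption: JWS "alg" -> key type able to verify it (RFC 7518 names).
ALG_TO_KTY = {"RS256": "RSA", "ES256": "EC"}


def b64url_decode(segment):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def config_mismatches(allowed_algs, collection_kty):
    """Allowed algorithms that the key collection's key type cannot verify."""
    return sorted(a for a in allowed_algs if ALG_TO_KTY.get(a) != collection_kty)


def preflight(token, allowed_algs, collection_kty):
    """Return the header's alg if the settings accept it, else raise ValueError.

    Header check only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("unreadable JWT header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} is not allowed")
    if ALG_TO_KTY.get(alg) != collection_kty:
        raise ValueError(f"{alg} needs {ALG_TO_KTY.get(alg)} keys, collection has {collection_kty}")
    return alg


def make_token(alg):
    """Constructed sample token with a placeholder signature segment."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "device-001"}), "c2ln"])
```

Running `config_mismatches` over the intended settings before activation shows which allowed algorithms the selected key collection could never verify.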