JWT
The JWT (JSON Web Token) Authentication policy secures access to your API by validating the JWTs sent with incoming requests.
Options
secret (Optional)
Use this option when using a symmetric algorithm.
String: The secret key used to verify the JWT's signature.
jwksUri (Optional)
Use this option when using an asymmetric algorithm.
String: URL to the JSON Web Key Set (JWKS). This is used to retrieve the public key for verifying the JWT's signature.
audience (Optional)
Set if you want to validate the audience claim (aud) of the JWT.
String: The expected audience (aud) of the JWT.
issuer (Optional)
Set if you want to validate the issuer claim (iss) of the JWT.
String: The expected issuer (iss) of the JWT.
algorithms
Array: List of strings specifying the allowed algorithms for token verification. For example, ["RS256", "HS512"].
Usage
Secret Key
gateweaver.yml
policyDefinitions:
  jwt:
    secret: "my_secret_key"
    audience: "my_audience"
    issuer: "my_issuer"
    algorithms:
      - "HS256"
endpoints:
  - path: "/todos"
    target:
      url: "https://example.com/todos"
    policies:
      - jwt
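
The following is an added example, not code from Gateweaver or express-jwt: a simplified HMAC-only verifier that mirrors the secret, audience, issuer and algorithms options to show which tokens each setting rejects. The function names (signToken, verifyToken, rejectionReason) and the sample claims are constructed for illustration, and checks outside those four options (such as expiry) are left out.

```javascript
// Added illustration only: a simplified HMAC verifier mirroring the policy
// options (secret, audience, issuer, algorithms). Not Gateweaver/express-jwt code.
const crypto = require("node:crypto");

const HMAC_HASH = { HS256: "sha256", HS384: "sha384", HS512: "sha512" };
const b64url = (value) => Buffer.from(JSON.stringify(value)).toString("base64url");
const hmac = (alg, secret, data) =>
  crypto.createHmac(HMAC_HASH[alg], secret).update(data).digest("base64url");

// Constructed helper so the example has tokens to verify.
function signToken(payload, secret, alg = "HS256") {
  const signingInput = `${b64url({ alg, typ: "JWT" })}.${b64url(payload)}`;
  return `${signingInput}.${hmac(alg, secret, signingInput)}`;
}

// Returns the payload, or throws with the reason the token was rejected.
function verifyToken(token, { secret, audience, issuer, algorithms }) {
  const [head, body, sig, ...extra] = token.split(".");
  if (!head || !body || !sig || extra.length) throw new Error("malformed token");
  const { alg } = JSON.parse(Buffer.from(head, "base64url").toString());
  // The allow-list, not the token header, decides which algorithm may be used.
  if (!algorithms.includes(alg) || !Object.hasOwn(HMAC_HASH, alg))
    throw new Error("algorithm not allowed");
  const expected = Buffer.from(hmac(alg, secret, `${head}.${body}`));
  const given = Buffer.from(sig);
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given))
    throw new Error("bad signature");
  const payload = JSON.parse(Buffer.from(body, "base64url").toString());
  // aud may be a string or an array; the check is skipped when the option is unset.
  if (audience && ![].concat(payload.aud ?? []).includes(audience))
    throw new Error("audience mismatch");
  if (issuer && payload.iss !== issuer) throw new Error("issuer mismatch");
  return payload;
}

// Why a token is rejected under a policy, or null when it is accepted.
function rejectionReason(token, policy) {
  try { verifyToken(token, policy); return null; } catch (err) { return err.message; }
}

// Constructed sample values, taken from the Secret Key configuration above.
const policy = { secret: "my_secret_key", audience: "my_audience",
                 issuer: "my_issuer", algorithms: ["HS256"] };
const claims = { sub: "user-1", aud: "my_audience", iss: "my_issuer" };
console.log(rejectionReason(signToken(claims, policy.secret), policy));          // null
console.log(rejectionReason(signToken(claims, policy.secret, "HS512"), policy)); // algorithm not allowed
console.log(rejectionReason(signToken({ ...claims, aud: "other_api" }, policy.secret), policy)); // audience mismatch
```

A token signed with the correct secret is still rejected when its algorithm is not in the allow-list, which is why algorithms should list only what your issuer actually uses.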
JWKS
gateweaver.yml
policyDefinitions:
  jwt:
    jwksUri: "https://example.com/.well-known/jwks.json"
    audience: "my_audience"
    issuer: "my_issuer"
    algorithms:
      - "RS256"
endpoints:
  - path: "/todos"
    target:
      url: "https://example.com/todos"
    policies:
      - jwt
Powered by express-jwt