JWT Consumer (jwtConsumer)
The JWT consumer information to validate the JWT token.
Name | Type | Default | Description |
---|---|---|---|
audiences | string | The trusted audience list to be included in the aud claim in the JSON web token. | |
clockSkew | A period of time with millisecond precision | 5m | This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
id | string | This ID is used to identify the JWT consumer. If an ID value is not specified, the consumer is not processed. The ID must be a URL-safe string. The JwtConsumer API uses this ID to determine which consumer configuration to use to consume JWTs. | |
issuer | string | An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components. | |
jwkEnabled | boolean | false | Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored. |
jwkEndpointUrl | string | Specifies a JWK end point URL. | |
keyManagementKeyAlias | string | Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JWE. | |
sharedKey | Reversably encoded password (string) | Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. | |
signatureAlgorithm |
| Specifies the signature algorithm that will be used to sign the JWT token. | |
sslRef | A reference to top level ssl element (string). | Specifies an ID of the SSL configuration that is used to connect to the OpenID Connect provider. | |
trustStoreRef | A reference to top level keyStore element (string). | A keystore that contains the public key that can verify a signature of the JWT token. | |
trustedAlias | string | A trusted key alias for using the public key to verify the signature of the token | |
useSystemPropertiesForHttpClientConnections | boolean | false | Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* and javax* system properties. |