Description
MP-JWT Auth configuration is defined by the spec (options prefixed with `mp.jwt.`), and we add a few configuration options for the security provider (options prefixed with `security.providers.mp-jwt-auth.`).
Usages
Configuration options
| Key | Kind | Type | Default Value | Description |
|---|---|---|---|---|
| mp.jwt.decrypt.key.algorithm | VALUE | i.h.m.j.a.J.j.d.k.algorithm | | Expected key management algorithm supported by the MP JWT endpoint |
| mp.jwt.decrypt.key.location | VALUE | String | | Private key for decryption of encrypted claims |
| mp.jwt.token.cookie | VALUE | String | Bearer | Specific cookie property name where we should search for JWT property |
| mp.jwt.token.header | VALUE | String | Authorization | Name of the header expected to contain the token |
| mp.jwt.verify.audiences | LIST | String | | Expected audiences of incoming tokens |
| mp.jwt.verify.clock.skew | VALUE | Integer | 5 | Clock skew to be accounted for in token expiration and max age validations in seconds |
| mp.jwt.verify.issuer | VALUE | String | | Expected issuer in incoming requests |
| mp.jwt.verify.publickey | VALUE | String | | String representation of the public key |
| mp.jwt.verify.publickey.location | VALUE | String | | Path to public key |
| mp.jwt.verify.token.age | VALUE | Integer | | Maximal expected token age in seconds |
| security.providers.mp-jwt-auth.allow-impersonation | VALUE | Boolean | false | Whether to allow impersonation by explicitly overriding username from outbound requests using `io.helidon.security.EndpointConfig#PROPERTY_OUTBOUND_ID` property |
| security.providers.mp-jwt-auth.atn-token.default-key-id | VALUE | String | | Default JWT key ID which should be used |
| security.providers.mp-jwt-auth.atn-token.handler | VALUE | i.h.s.u.TokenHandler | | Token handler to extract username from request |
| security.providers.mp-jwt-auth.atn-token.jwk.resource | VALUE | i.h.c.c.Resource | | JWK resource for authenticating the request |
| security.providers.mp-jwt-auth.atn-token.jwt-audience | VALUE | String | | Audience expected in inbound JWTs |
| security.providers.mp-jwt-auth.atn-token.verify-key | VALUE | String | | Path to public key |
| security.providers.mp-jwt-auth.authenticate | VALUE | Boolean | true | Whether to authenticate requests |
| security.providers.mp-jwt-auth.load-on-startup | VALUE | Boolean | false | Whether to load JWK verification keys on server startup. Default value is false. |
| security.providers.mp-jwt-auth.optional | VALUE | Boolean | false | Whether authentication is required |
| security.providers.mp-jwt-auth.principal-type | VALUE | i.h.s.SubjectType | USER | Principal type this provider extracts (and also propagates) |
| security.providers.mp-jwt-auth.propagate | VALUE | Boolean | true | Whether to propagate identity |
| security.providers.mp-jwt-auth.sign-token | VALUE | i.h.s.p.c.OutboundConfig | | Configuration of outbound rules |

See the manifest for all available types.
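
A review aid for the options above, added here as an example and not part of the Helidon project: a small Python check that reads a MicroProfile Config properties file and reports keys from the table whose value, or absence, loosens token validation. The choice of checks, the 60-second skew threshold, and the sample paths, issuer and audience are assumptions of this example; key names and defaults come from the table.

```python
# Added example: audit MicroProfile Config properties for lenient MP-JWT settings.
# The checks chosen, sample values and skew threshold are assumptions of this example.
P = "security.providers.mp-jwt-auth."
KEY_SOURCES = ("mp.jwt.verify.publickey", P + "atn-token.verify-key", P + "atn-token.jwk.resource")
MAX_SKEW_SECONDS = 60  # assumed review threshold, not a Helidon limit

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return the keys whose value (or absence) weakens token validation."""
    findings = []
    if not any(k.startswith(KEY_SOURCES) and v for k, v in props.items()):
        findings.append("mp.jwt.verify.publickey")    # no verification key configured
    if not props.get("mp.jwt.verify.issuer"):
        findings.append("mp.jwt.verify.issuer")       # issuer is not pinned
    if not (props.get("mp.jwt.verify.audiences") or props.get(P + "atn-token.jwt-audience")):
        findings.append("mp.jwt.verify.audiences")    # audience is not restricted
    if int(props.get("mp.jwt.verify.clock.skew", "5")) > MAX_SKEW_SECONDS:
        findings.append("mp.jwt.verify.clock.skew")   # expired tokens accepted for longer
    # Boolean provider options: (name, documented default, value worth flagging)
    for name, default, bad in (("authenticate", "true", "false"), ("optional", "false", "true"),
                               ("allow-impersonation", "false", "true")):
        if props.get(P + name, default).lower() == bad:
            findings.append(P + name)
    return findings

# Constructed sample inputs (paths, issuer and audience are placeholders).
LENIENT = """
mp.jwt.verify.publickey.location=/keys/public.pem
mp.jwt.verify.clock.skew=600
security.providers.mp-jwt-auth.optional=true
security.providers.mp-jwt-auth.allow-impersonation=true
"""
HARDENED = """
mp.jwt.verify.publickey.location=/keys/public.pem
mp.jwt.verify.issuer=https://issuer.example.com
mp.jwt.verify.audiences=orders-service
"""
if __name__ == "__main__":
    print(audit(parse_properties(LENIENT)))
```

A finding is a prompt for review, not proof of a defect: some deployments set `optional` to true on purpose when another provider handles the request.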