This policy verifies the generated JSON Web token. If the token value has been tampered or the token is wrong, it will not allow the user to access the resource.
The properties that have to be configured to use the policy are described below.
Figure 1: Verify Json Web Token policy configuration attributes
|JWT Token Identifier||Configure the Message Part Identifier which contains the Content Type through which the JWT is passed.|
Specifies the encryption algorithm (HS256 or RS256 or ES256) which was used for generating the token.
The Key ID value corresponding to the algorithm chosen, which is provided in the JSON web keys.
Subject of the JWT issued as provided in the Json Web Token policy.
The "iss" (issuer) claim identifies the entity that issues the JWT. Provide the same as provided in the Json Web Token policy.
Recipient value. The audience value is comprised of comma separated strings.
This property is optional.
|Additional Claim||To provide custom claims other than the above properties.|
Where HS256 symmetric algorithm is chosen, Secret Key has to be provided. The minimum length of the string has to be 256 bit.
Verifying a json web token
Attains access of the resources if the token is valid.