...
Parameter Name | Description | Default Value | Example
---|---|---|---
Label | Required. The name for the API policy. | JWT Validator | Task JWT Validator
When this policy should be applied | An expression-enabled field that determines the condition that must be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is POST. | True | request.method == "POST"
Signing Algorithm | | RSA | ECDSA
Key | None | N/A | 
Extract into $token | Required. Specifies the locations to look for the key in the request. If the key is not found in any of the given locations, this API policy passes the request through to the next API policy. | N/A | N/A
Custom Header Keys | The names of the headers. If more than one header is given, they are all checked. Click + to add more custom header keys. | N/A | N/A
Key | The name of the custom header key. | $.aud | 
Custom Query String Parameter Keys | The names of the query parameters. If more than one name is given, they are all checked. Click + to add more custom query string parameter keys. | N/A | N/A
Key | The name of the custom query string parameter. | $key | 
Custom Cookie Key | | N/A | N/A
Key | The name of the custom cookie key. | | Cookie_1
Authorization Header Type | If the key is in the Authorization header, this value is used as the "type" (authorization scheme) to check. | N/A | 
Extract User Info* | Required. Specifies how to extract information about the user from the working object. | N/A | N/A
User ID Expression | An expression that returns a string to be used as the user ID. | N/A | $qty
Roles Expression | An expression that returns the list of roles for the user. | N/A | $aud
Status | Indicates whether the API policy is enabled or disabled. | Enabled | Disabled
Example of configuring the JWT Validator API Policy using the RSA and HSA Signing Algorithms.

Pre-requisites

- Apply the Authorization by Role Policy.
- Signing Algorithm, Key, User ID, Role and Cookie Key.

RSA Signing Algorithm Field Mappings:

To generate an RSA-signed token through the Auth0 API:

1. Set up the JWT API in the Auth0 Dashboard > Applications > API, with the RSA Signing Algorithm and the identifier set to the role that the policy needs:
2. Extract the access token property from the response by issuing the API call using any API platform such as Postman:
3. Decode the access token using jwt.io to extract the key.
4. The role is configured in the Authorize by Role policy. Update User ID and Role with the $sub and $aud expression values in the respective fields of the policy dialogue box to fetch the information:
Info |
---|
To add a Custom Cookie Key, you need to add the domain to your API or Proxy endpoint using Postman. Then add the cookie, replace its value with the access token and save it. |

Use the obtained Key, User ID, Role and Cookie Key for the JWT Validator Policy:
Parameter Name | Field Type | Example
---|---|---
Label* | String | JWT Validator Policy
When this policy should be applied | String/Expression | request.method == "POST"
Signing Algorithm* | Dropdown | RSA
Key* | String | { "e": "AQAB", ...
Extract into $token* | | 
Custom Header Keys | String/Expression | x-api-key
Custom Query String Parameter Keys | String/Expression | myquery
Custom Cookie Key | String/Expression | Cookie_4
Authorization Header Type | String | bearer
Extract User Info* | N/A | 
User ID Expression* | String/Expression | $sub
Roles Expression* | String/Expression | $aud
Status | Dropdown List | Enabled
Info |
---|
Follow the same process for the HSA Signing Algorithm. |
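The following Python script is an added example, not code from this product's documentation or from Auth0, that walks through what the field mappings above mean at run time for the HSA (HMAC, HS256) variant: the token is looked for in the same locations the policy configures (Authorization header with type bearer, custom header x-api-key, query parameter myquery, cookie Cookie_4), the signature and expiry are checked, and the user ID and roles are taken from $sub and $aud. The shared secret, the sample claims and the sample requests are all constructed for the demo; the `mint_hs256` helper stands in for the token endpoint so the script runs offline. It deliberately pins the expected algorithm instead of trusting the token header's alg field, which the policy's Signing Algorithm setting does for you.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs

# Policy settings mirroring the field mappings on this page (HSA / HS256 variant).
# DEMO_SECRET is a constructed demo value, not a key from the page.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
POLICY_CONFIG = {
    "authorization_header_type": "bearer",   # Authorization Header Type
    "custom_header_keys": ["x-api-key"],     # Custom Header Keys
    "custom_query_keys": ["myquery"],        # Custom Query String Parameter Keys
    "custom_cookie_key": "Cookie_4",         # Custom Cookie Key
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, secret: bytes) -> str:
    """Issue an HS256 JWT; stands in for the Auth0 token endpoint in this offline demo."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def extract_token(request: dict, cfg: dict):
    """'Extract into $token': try each configured location; None means pass through."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == cfg["authorization_header_type"].lower() and value.strip():
        return value.strip()
    for name in cfg["custom_header_keys"]:
        if name.lower() in headers:
            return headers[name.lower()]
    query = parse_qs(request.get("query", ""))
    for name in cfg["custom_query_keys"]:
        if name in query:
            return query[name][0]
    cookies = dict(
        c.strip().split("=", 1) for c in headers.get("cookie", "").split(";") if "=" in c
    )
    return cookies.get(cfg["custom_cookie_key"])


def validate_hs256(token: str, secret: bytes, now: float = None) -> dict:
    """Check structure, pinned algorithm, signature and expiry; return claims or raise."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
    except ValueError:
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":      # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def extract_user_info(claims: dict) -> dict:
    """'Extract User Info': User ID Expression $sub, Roles Expression $aud."""
    aud = claims.get("aud", [])
    return {"user_id": claims.get("sub"), "roles": [aud] if isinstance(aud, str) else list(aud)}


def run_policy(request: dict, secret: bytes, cfg: dict = POLICY_CONFIG, now: float = None) -> dict:
    """The policy decision for one request: pass through, reject, or allow with user info."""
    token = extract_token(request, cfg)
    if token is None:
        return {"action": "pass_through", "reason": "no token in any configured location"}
    try:
        claims = validate_hs256(token, secret, now)
    except ValueError as err:
        return {"action": "reject", "reason": str(err)}
    return {"action": "allow", **extract_user_info(claims)}


# Constructed sample traffic: one valid token presented three ways, one tampered, one absent.
SAMPLE_CLAIMS = {"sub": "auth0|user-123", "aud": ["task-manager"], "exp": 4102444800}
SAMPLE_TOKEN = mint_hs256(SAMPLE_CLAIMS, DEMO_SECRET)
SAMPLE_REQUESTS = {
    "bearer": {"headers": {"Authorization": f"Bearer {SAMPLE_TOKEN}"}},
    "cookie": {"headers": {"Cookie": f"other=1; Cookie_4={SAMPLE_TOKEN}"}},
    "query": {"headers": {}, "query": f"myquery={SAMPLE_TOKEN}"},
    "tampered": {"headers": {"x-api-key": SAMPLE_TOKEN[:-4] + "AAAA"}},
    "none": {"headers": {"Authorization": "Basic dXNlcjpwYXNz"}},
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(name, run_policy(req, DEMO_SECRET))
```

The "none" request shows the pass-through behaviour the parameter table describes: a request carrying no token in any configured location is handed to the next policy rather than rejected, so the Authorization by Role policy listed under pre-requisites is what actually denies access when no user info was extracted. A token with a bad signature or a past exp claim is rejected outright.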