Overview
Use the Outbound JSON Web Token (JWT) policy to authenticate upstream requests with a token. API consumers can use HMAC or RSA signing algorithms with a preconfigured JWT account to set up this policy. Before calling the upstream URL, the policy does the following:
...
Preconfigured JWT account.
Policy Execution Order
This JWT Outbound policy executes after the request has been authorized.
All expression-enabled fields accept expressions from the SnapLogic Expression Language and the API Policy Manager functions.
Settings
...
Parameter Name | Field Type | Description | Default Value | Example
---|---|---|---|---
Setting Tab | | | |
Label* | String | Required. The name for the API policy. | Outbound JWT Policy | Outbound JWT Policy for Proxy
When this policy should be applied | String/Expression | An expression-enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST. | N/A | request.method == "POST"
Token Location* | Dropdown List | Select the Token location as Header/Body/Query. | Header | Header
Header: Authorization Scheme* (Bearer) | Dropdown List | Select Bearer/Custom Authorization Scheme if you have selected the Header option from the dropdown list. | Bearer | Bearer
Header: Authorization Scheme (Custom) | String | Add your Custom Authorization Scheme here. | N/A | CustomScheme
Body: Request Body Key | String | Enter the JSON key with the value of the token. | N/A | RequestBodyKey
Query: Query String Parameter Name | String | Name the Query String Parameter. | N/A | QueryParameterKey
Audience | Expression/String | The asset that the token should be valid for. Can be a string or a list of strings. | N/A | YourService
Subject | Expression/String | The entity, for example, user or application that this token applies to. This could be used to specify internal or third-party users or applications that the token should be valid for. | N/A | user
Issued At Epoch | Expression/String | Specify the time (in milliseconds since January 1st, 1970) that indicates when the JWT was created. | N/A | 1673515370515
Not Before Epoch | Expression/String | Specify the time (in milliseconds since January 1st, 1970) before which the JWT remains invalid. | N/A | 1673515370513
Expiration Epoch | Expression/String | Specify the time (in milliseconds since January 1st, 1970) after which the JWT is invalid. | N/A | 1673515371515
Token ID | Expression/String | A unique identifier for the token. This field can be used to embed a unique identifier for tracking across multiple systems. | Math.randomUUID() | N/A
Custom Metadata | Expression/String | Custom metadata to embed in the token. This field is an Object / Map. For every key-value pair in this object, the key will form the name of the claim and the value will be the value of the claim. | {} | N/A
Skip key ID | Expression/String | Select the checkbox (by disabling the Expression enabler) to skip the Key ID parameter and remove it when generating the JWT. | N/A | Deselect
Algorithm* | String | Required. The hashing algorithm used to generate the signature of the token. Options available include: Alternatively, the hashing algorithm for the RSA key used to generate the signature of the token includes the following options: | N/A | HS256/RS256
Status | Dropdown List | Specifies whether the API policy is enabled or disabled. | Enabled | Enabled
Account Tab | | | |
Account Reference* | Dropdown List | Select a preconfigured JWT account from the dropdown list that is configured in the | N/A | ../../shared/OutboundPolicyRestOAuth2
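The upstream service has to read the token from wherever Token Location put it and validate it before trusting the request. The sketch below is an added example, not SnapLogic code: it covers the Header, Body and Query placements and an HS256 check with a pinned algorithm. The function names, the shared secret, and the mapping of the Audience field to the registered `aud` claim are assumptions; time-claim checks are left out because the page does not state the unit used in the emitted token.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlsplit
# Added example: helper names and the Audience -> "aud" mapping are assumptions.

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_token(location, name, headers, url, body):
    """Pull the token from the place the policy's Token Location put it."""
    if location == "Header":      # name is "Bearer" or the custom scheme
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        return token if scheme == name and token else None
    if location == "Body":        # name is the Request Body Key
        try:
            return json.loads(body).get(name)
        except (ValueError, TypeError, AttributeError):
            return None
    if location == "Query":       # name is the Query String Parameter Name
        values = parse_qs(urlsplit(url).query).get(name, [])
        return values[0] if len(values) == 1 else None  # reject duplicates
    return None

def verify_hs256(token, secret, audience):
    """Return the claims if signature and audience check out, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, AttributeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm, ignore the header's choice
        return None
    signed = f"{head_b64}.{body_b64}".encode()
    if not hmac.compare_digest(sig, hmac.new(secret, signed, hashlib.sha256).digest()):
        return None
    aud = claims.get("aud")
    return claims if audience in (aud if isinstance(aud, list) else [aud]) else None

def make_sample(secret, claims):
    """Constructed sample token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"
```

For RS256 tokens the same extraction applies, but the signature check needs the account's public key and an RSA-capable library instead of the HMAC comparison.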