JWT Validator

Use the Java Web Token (JWT) Validator policy to authenticate a request with a token. When you apply this policy, API consumers must use their JWT credentials to sign their JWT. Before allowing API access to the consumer, the policy does the following:

The policy checks if the JWT token is valid
If valid, the policy processes the request
If invalid, the policy discards the request

Policy Execution Order

This JWT Validator policy executes after the request has been authorized.

Expression Enabled Fields in API Policies

All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.

Parameter Name	Description	Default Value	Example
Label	Required. The name for the API policy.	JSON Validator	Task JSON Validator
When this policy should be applied	An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.	True	request.method == "POST"
Signing Algorithm	RSA HSA ECDSA
Key	The name of the custom header key.
Extract into $token	Required. Specifies the location to find the key in the request. If one of the given locations is not found, this API policy will pass the request through to the next API policy.
Custom Query String Parameter Keys	The names of the query parameters that can contain the key. If more than one name is given, they will all be checked. Click + to add more custom query string parameters.
Authorization Header Type	If the key is in the Authorization header, this value is used as the “type” to check.
Extract User Info*	Required. Specifies how to extract information about the user from the working object.
User ID Expression	An expression that returns a string to be used as the user ID.
Roles Expression	An expression that returns the list of roles for the user.
Status	Indicates whether the API policy is enabled or disabled.	Enabled	Disabled