Older version2.8 ValvesJWTOTTokenVerifierValve

OTTokenVerifierValve

Verifies a JWT token issued by PhenixID One Touch. Note that module "phenix-replay-cache" must be deployed to ensure replay protection.

Properties

Name Description Default value Mandatory Supports property expansion

Example Configuration

{      
  "name": "OTTokenVerifierValve",
  "enabled": "true",
  "config": {
  }
}

Requirements

  • The incoming request must contiain parameter access_token.
  • Module phenix-replay-cache must be deployed to ensure replay protection.

General information

On successful validation two item properties are created:

  • subject - containing the value of the sub parameter from the JWT token payload. Typically the username used when activating PhenixID One Touch.
  • token_issuer - containing the value of the iss parameter from the JWT token payload. Typically the name of the issuing PhenixID One Touch service.
  • If no item is present at execution time, a new will be created with id identical to the sub from the JWT token.