
IDTokenUnwrapAndVerifyValve

Parses a JWT ID token and verifies date, issuer and audience. Use this valve when acting as an OIDC RP.

Parameters found in the ID token are stored in the first item found. If no item is present, one will be created.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
| token_parameter | Where to find the JWT token | id_token | true | Yes |
| performTimeValidation | If to verify time expiration true/false. | true | true | No |

Example Configuration

{      
  "name": "IDTokenUnwrapAndVerifyValve",
  "config": {
  }
}

Requirements


  • expected_issuer parameter must be present and match the "issuer" in the token.
  • client_id parameter must be present and match the "aud" in the token.
  • Will create an item in the flow with a random id if no item exists.


General information

Only first-level data in the token is extracted. For complex id_token structures, consult support.
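
The checks listed under Requirements and the first-level extraction described above, sketched in Python as an added example; this is not the valve's own code. The function names, the mapping of "issuer" to the JWT `iss` claim, and the rule that non-scalar values are skipped are assumptions, and signature verification is not shown.

```python
import base64
import json
import time


def _b64url(data):
    """Encode a dict as an unpadded base64url JSON segment."""
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed sample token; the signature segment is a dummy value."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "c2ln"])


def check_id_token_claims(id_token, expected_issuer, client_id,
                          perform_time_validation=True, now=None):
    """Return first-level claims if issuer, audience and expiry checks pass.

    Hypothetical helper. Signature verification is out of scope here; an RP
    must verify the signature against the OP's keys before trusting claims.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))

    if claims.get("iss") != expected_issuer:
        raise ValueError("issuer mismatch")

    # "aud" may be a single string or an array of strings.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("audience mismatch")

    if perform_time_validation:
        exp = claims.get("exp")
        now = time.time() if now is None else now
        if not isinstance(exp, (int, float)) or now >= exp:
            raise ValueError("token expired or exp missing")

    # Assumption: only scalar top-level values are kept; nested data is skipped.
    return {k: v for k, v in claims.items()
            if isinstance(v, (str, int, float, bool))}
```

With time validation switched off, an expired token still has to pass the issuer and audience checks.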