RBAC with JWT containing role
This guide explains how to set up Role-Based Access Control with a JWT containing a role claim.
Token introspection
To make Aidbox trust a JWT issued by an external server, token introspection is used.
Create TokenIntrospector
Create AccessPolicy for the role manager
Create JWT token
To build a JWT, use this tool. Mind the claims:
issuer claim should be https://auth.example.com
role additional claim should be manager
expiration claim should be in the future
subject claim can be any value
To get a signed JWT, press the Create Signed JWT button. The generated JWT looks like this
Use the JWT to get the access
Make an HTTP request providing an authorization header with the JWT as a Bearer token.
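The steps above, as an added example that is not Aidbox code or part of the original guide: it builds a JWT with the four claims listed and runs the checks a token introspector plus a manager-role policy would apply (signature, issuer, expiration, role). The HS256 shared secret, the function names and the sample claim values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://auth.example.com"   # issuer value used in this guide
SECRET = b"constructed-demo-secret"   # constructed; HS256 shared secret is an assumption

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Build a signed HS256 JWT, standing in for the JWT-builder step."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def check_jwt(token, secret=SECRET, now=None):
    """Return (allowed, reason): signature, issuer and expiry first, then role."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if claims.get("iss") != ISSUER:
        return False, "untrusted issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    if claims.get("role") != "manager":  # the policy for the role manager
        return False, "role not permitted"
    return True, "ok"

def bearer_header(token: str) -> dict:
    """Authorization header for the final HTTP request step."""
    return {"Authorization": f"Bearer {token}"}
```

A token that fails any of the first three checks is rejected before the role claim is read, so a role value only matters when it comes from the trusted issuer in an unexpired, correctly signed token.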