Last updated
Was this helpful?
Last updated
Was this helpful?
Token introspection is the setup when Aidbox trusts JWT
issued by external server.
TokenIntrospector
The other example would be:
Currently we use common secret
to validate our introspector works. In production installations it's better to switch to jwks_uri
instead
AccessPolicy
User
Build JWT
issuer
should be https://auth.example.com
expiration
should be in the future
subject
should be basic
(user id)
key
should be very-secret
string
Press Create Signed JWT
button to get signed JWT. The generated JWT
looks like this
JWT
to get the accessMake an HTTP request providing authorization
header with the JWT
as a Bearer
token.
with introspection_endpoint
:
All available TokenIntrospector
attributes:
Use to build your JWT. Mind the claims:
This guide explains how to configure Aidbox to trust external JWT