Last updated
Was this helpful?
Last updated
Was this helpful?
Token introspection is the setup when Aidbox trusts JWT issued by external server.
TokenIntrospectorThe other example would be:
Currently we use common secret to validate our introspector works. In production installations it's better to switch to jwks_uri instead
AccessPolicyUserBuild JWT
issuer should be https://auth.example.com
expiration should be in the future
subject should be basic (user id)
key should be very-secret string
Press Create Signed JWT button to get signed JWT. The generated JWT looks like this
JWT to get the accessMake an HTTP request providing authorization header with the JWT as a Bearer token.
with introspection_endpoint:
All available TokenIntrospector attributes:
Use to build your JWT. Mind the claims:
This guide explains how to configure Aidbox to trust external JWT