Token introspection
Configure Aidbox to trust external JWT
Token introspection is the setup in which Aidbox trusts JWTs issued by an external server.
In this guide, the external auth server URL is https://auth.example.com
Set up Aidbox
Create TokenIntrospector
PUT /TokenIntrospector/external-auth-server
content-type: text/yaml

resourceType: TokenIntrospector
id: external-auth-server
type: jwt
jwt:
  iss: https://auth.example.com
  secret: very-secret
Define AccessPolicy
PUT /AccessPolicy/external-auth-server
content-type: text/yaml

resourceType: AccessPolicy
id: external-auth-server
engine: json-schema
schema:
  required:
    - jwt
  properties:
    jwt:
      required:
        - iss
      properties:
        iss:
          constant: https://auth.example.com
Create User
PUT /User/some-user-id
content-type: text/yaml

resourceType: User
id: some-user-id
data:
  id: basic
  sub: basic
email: [email protected]
Validating introspector works
Build JWT
Use this tool to build your JWT. Mind the claims:
- issuer should be https://auth.example.com
- expiration should be in the future
- subject should be basic (user id)
- key should be the very-secret string
Press the Create Signed JWT button to get a signed JWT. The generated JWT looks like this:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2NTc4ODA4NjMsImV4cCI6MTY4OTQxNjg2MywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.TvlrkjPfNAATDW6tHOcgRh3ZNl2tYpUPkFBS_UjU6TY
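The following is an added example, not part of the Aidbox documentation: it builds a token with the claims listed above and runs a local check of signature, issuer and expiration before the token is sent. It assumes HS256 (the alg in the sample token's header); the function names are hypothetical and Aidbox's own validation may differ.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://auth.example.com"  # jwt.iss from the TokenIntrospector
SECRET = b"very-secret"              # jwt.secret from the guide (placeholder, not a production key)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def build_jwt(sub, ttl=3600, iss=ISSUER, secret=SECRET, now=None):
    """Build an HS256 JWT carrying the claims the guide asks for."""
    now = int(time.time()) if now is None else now
    parts = ({"typ": "JWT", "alg": "HS256"},
             {"iss": iss, "sub": sub, "iat": now, "exp": now + ttl})
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + _b64url(_sign(signing_input, secret))

def check_jwt(token, iss=ISSUER, secret=SECRET, now=None):
    """Return the claims if the token passes the local checks, else raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
        signature = _b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, do not let the header choose it
    if not hmac.compare_digest(signature, _sign(f"{head}.{body}", secret)):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("iss") != iss:
        raise ValueError("wrong issuer")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    token = build_jwt("basic")  # subject "basic", as in the claims list
    print(token)
    print(check_jwt(token))
```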
Use the JWT to get the access
Make an HTTP request providing the authorization header with the JWT as a Bearer token.
GET /fhir/Patient
Authorization: Bearer eyJ0...U6TY