gravitee-docs icon indicating copy to clipboard operation
gravitee-docs copied to clipboard

Published 20 hours ago verified publisher icon gravitee-io

Update JWT Policy documentation

Open tech-Nico opened this issue 2 years ago • 0 comments

The JWT Policy documentation needs to be updated. Specifically, the documentation mentions that:

The policy prompts you to choose between three (GIVEN_KEY, GIVEN_ISSUER, GATEWAY_ISSUER) methods to retrieve the required public key.

This is actually not correct. The policy (as of 3.17.1) actually supports the following methods to retrieve the public key:

  • GIVEN_KEY: You must provide a signature key as a resolver parameter according to the signature algorithm
  • GATEWAY_KEYS: Look for signature key from API Gateway configuration according to issuer and kid from incoming JWT
  • JWKS_URL: Retrieve JWKS from URL (Basically, URL ending with '/.well-known/jwks.json')

tech-Nico avatar Apr 11 '22 14:04 tech-Nico