JWT Consumer (jwtConsumer)

JWT Consumer (jwtConsumer)

The JWT consumer information to validate the JWT token.

Name Type Default Description

audiences string
This is specified as a child element rather than as an XML attribute. The trusted audience list to be included in the aud claim in the JSON web token.

clockSkew A period of time with millisecond precision 5m This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

id string This ID is used to identify the JWT consumer. If an ID value is not specified, the consumer is not processed. The ID must be a URL-safe string. The JwtConsumer API uses this ID to determine which consumer configuration to use to consume JWTs.

issuer string An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme containing scheme, host, and optionally port number and path components.

jwkEnabled boolean false Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored.

jwkEndpointUrl string Specifies a JWK end point URL.

keyManagementKeyAlias string Private key alias of the key management key used to decrypt the Content Encryption Key of a JWE.

sharedKey Reversably encoded password (string) String that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key.

signatureAlgorithm

ES256
ES384
ES512
HS256
HS384
HS512
RS256
RS384
RS512

Signature algorithm that will be used to sign the JWT token.
ES256
Use the ES256 signature algorithm to sign and verify tokens.
ES384
Use the ES384 signature algorithm to sign and verify tokens.
ES512
Use the ES512 signature algorithm to sign and verify tokens.
HS256
Use the HS256 signature algorithm to sign and verify tokens.
HS384
Use the HS384 signature algorithm to sign and verify tokens.
HS512
Use the HS512 signature algorithm to sign and verify tokens.
RS256
Use the RS256 signature algorithm to sign and verify tokens.
RS384
Use the RS384 signature algorithm to sign and verify tokens.
RS512
Use the RS512 signature algorithm to sign and verify tokens.

sslRef Top level ssl element (string). Specifies an ID of the SSL configuration used to connect to the OpenID Connect provider.

trustStoreRef Top level keyStore element (string). A keystore containing the public key that can verify a signature of the JWT token.

trustedAlias string A trusted key alias for using the public key to verify the signature of the token

useSystemPropertiesForHttpClientConnections boolean false Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if we want the connections to use the http* and javax* system properties.

Name	Type	Default	Description
audiences	string This is specified as a child element rather than as an XML attribute.		The trusted audience list to be included in the aud claim in the JSON web token.
clockSkew	A period of time with millisecond precision	5m	This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
id	string		This ID is used to identify the JWT consumer. If an ID value is not specified, the consumer is not processed. The ID must be a URL-safe string. The JwtConsumer API uses this ID to determine which consumer configuration to use to consume JWTs.
issuer	string		An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme containing scheme, host, and optionally port number and path components.
jwkEnabled	boolean	false	Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored.
jwkEndpointUrl	string		Specifies a JWK end point URL.
keyManagementKeyAlias	string		Private key alias of the key management key used to decrypt the Content Encryption Key of a JWE.
sharedKey	Reversably encoded password (string)		String that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key.
signatureAlgorithm	ES256 ES384 ES512 HS256 HS384 HS512 RS256 RS384 RS512		Signature algorithm that will be used to sign the JWT token. ES256 Use the ES256 signature algorithm to sign and verify tokens. ES384 Use the ES384 signature algorithm to sign and verify tokens. ES512 Use the ES512 signature algorithm to sign and verify tokens. HS256 Use the HS256 signature algorithm to sign and verify tokens. HS384 Use the HS384 signature algorithm to sign and verify tokens. HS512 Use the HS512 signature algorithm to sign and verify tokens. RS256 Use the RS256 signature algorithm to sign and verify tokens. RS384 Use the RS384 signature algorithm to sign and verify tokens. RS512 Use the RS512 signature algorithm to sign and verify tokens.
sslRef	Top level ssl element (string).		Specifies an ID of the SSL configuration used to connect to the OpenID Connect provider.
trustStoreRef	Top level keyStore element (string).		A keystore containing the public key that can verify a signature of the JWT token.
trustedAlias	string		A trusted key alias for using the public key to verify the signature of the token
useSystemPropertiesForHttpClientConnections	boolean	false	Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if we want the connections to use the http* and javax* system properties.