• Home
• io.helidon
• helidon-docs
• 4.0.11
• source code
• jwt.adoc

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

includes.security.providers.jwt.adoc Maven / Gradle / Ivy

///////////////////////////////////////////////////////////////////////////////

    Copyright (c) 2020, 2023 Oracle and/or its affiliates.

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.

///////////////////////////////////////////////////////////////////////////////

ifndef::rootdir[:rootdir: {docdir}/../../..]

=== JWT Provider
:description: Helidon Security JWT Provider
:keywords: helidon, security, jwt
:feature-name: JWT Security Provider

JWT token authentication and outbound security provider.

==== Setup

[source,xml]
.Maven dependency
----

    io.helidon.security.providers
    helidon-security-providers-jwt

----

==== Overview

include::{rootdir}/config/io_helidon_security_providers_jwt_JwtProvider.adoc[leveloffset=+2,tag=config]

==== Example code

See the link:{helidon-github-tree-url}/examples/security/outbound-override[example] on GitHub.

[source,yaml]
.Configuration example
----
security:
  providers:
    - provider:
        atn-token:
          jwk.resource.resource-path: "verifying-jwk.json"
          jwt-audience: "http://my.service"
        sign-token:
          jwk.resource.resource-path: "signing-jwk.json"
          jwt-issuer: "http://my.server/identity"
          outbound:
          - name: "propagate-token"
            hosts: ["*.internal.org"]
          - name: "generate-token"
            hosts: ["1.partner-service"]
            jwk-kid: "partner-1"
            jwt-kid: "helidon"
            jwt-audience: "http://1.partner-service"
----

==== How does it work?
JSON Web Token (JWT) provider has support for authentication and outbound security.

Authentication is based on validating the token (signature, valid before etc.) and on asserting the subject
of the JWT subject claim.

For outbound, we support either token propagation (e.g. the token from request is propagated further) or
support for generating a brand new token based on configuration of this provider.