Versions Compared

Old Version 2

changes.mady.by.user Terry van der Griend

Saved on

compared with

New Version 3

changes.mady.by.user Bart Sopers

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Defining a JWT authentication provider

In the application.properties file, these properties are expected for a JWT authentication provider:

...

For the available JWT decoder settings see: https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html

Token validation

Since 16.8 the JWT Authentication provider validates tokens per request basis. This is done according the following the mechanism.

...

Validated an accepted tokens will be updated in the Http Session, in order to support long living downstream calls to other applications using the same token.


Configuration

Include Page
JWT Authentication Properties
JWT Authentication Properties

Limitations

  • Currently, when using JWT as an authentication provider, no other authentication provider on the chain will work.
  • Only KeyCloak with OpenIdConnect is supported


Development Dashboard

When using the Oauth JWT Authentication Provider the Development Dashboard will redirect unauthenticated users (when authentication is required) to the Blueriq Gateway Service as its source of authorization. More information regarding the Development Dashboard flow can be found here.