Outbound JWT rule
- Uses a preconfigured JWT account to get the JWT issuer, the token time to live (TTL), and the signing key.
- Generates the signed JWT token.
- Provides the token to the upstream server for authentication.
Preconfigured JWT account.
Rule execution order
This JWT Outbound rule executes after the initial request has been authorized.
Field | Description |
---|---|
When this rule should be applied | An expression that defines one or more conditions that must be true for the rule to execute. Example: The expression |
Token Location | Required. Select the Token location as Header/Body/Query. Default value: Header. Example: Header |
Authorization Scheme | Required. Select Bearer/Custom Authorization Scheme if you have selected the Header option from the dropdown list. For Custom Authorization Scheme spaces, include in the token key. Default value: Bearer. Example: Bearer |
Audience | The asset that the token should be valid for. Can be a string or a list of strings. Example: YourService |
Subject | The entity (for example, a user or an application) that this token applies to. This can be used to specify internal or third-party users or applications that the token should be valid for. Example: user |
Issued At Epoch | Specify the time (in milliseconds since January 1st, 1970) that indicates when the JWT was created. Note: If the value is 0 or the field is left blank, Snap considers the current instant in milliseconds. Example: 1673515370515 |
Not Before Epoch | Specify the time (in milliseconds since January 1st, 1970) before which the JWT remains invalid. Note: If the value is 0 or the field is left blank, Snap considers the current instant in milliseconds minus two seconds. Example: 1673515370513 |
Expiration Epoch | Specify the time (in milliseconds since January 1st, 1970) after which the JWT is invalid. Note: If the value is 0 or the field is left blank, Snap considers the current instant in milliseconds plus the TTL value from the account. Example: 1673515371515 |
Token ID | A unique identifier for the token. This field can be used to embed a unique identifier for tracking across multiple systems. Default value: Math.randomUUID() |
Custom Metadata | Custom metadata to embed in the token. This field is an Object / Map. For every key-value pair in this object, the key forms the name of the claim and the value forms the value of the claim. Default value: {} |
Skip key ID | Select the checkbox (by disabling the Expression enabler) to skip the Key ID parameter and remove it when generating the JWT. Note: This property allows you to provide or skip the Key ID in the JWT headers while generating the token. By default, the checkbox is deselected, and Snap considers the Key ID as the alias of the private key used in the account. If an API does not accept the Key ID, select this checkbox so that the Key ID is not used in the JWT headers while generating the token. Example: Deselect |
Algorithm | Required. The hashing algorithm used to generate the signature of the token. Options available include: Alternatively, the hashing algorithm for the RSA key used to generate the signature of the token includes the following options: Example: HS256/RS256 |
Description | Required. A brief description of this rule. Default value: Outbound requests are being authenticated using specified JWT token |
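
The field defaults in the table above, worked through as an added Python sketch of HS256 token assembly; it is not the product's own code. The dictionary keys, the millisecond TTL unit, the conversion of millisecond inputs to RFC 7519 seconds, and the rejection of custom metadata that collides with a registered claim are all assumptions.

```python
import base64, hashlib, hmac, json, time, uuid

REGISTERED = {"iss", "aud", "sub", "iat", "nbf", "exp", "jti"}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def build_outbound_jwt(account, rule, now_ms=None):
    """Sketch of the rule's token assembly; all dict keys are hypothetical names."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    # A value of 0 or a blank field falls back to the documented default.
    iat_ms = rule.get("issued_at_epoch") or now_ms
    nbf_ms = rule.get("not_before_epoch") or now_ms - 2000
    # Assumption: the account TTL is in milliseconds (the page gives no unit).
    exp_ms = rule.get("expiration_epoch") or now_ms + account["ttl_ms"]
    if exp_ms <= nbf_ms:
        raise ValueError("token would never be valid: exp <= nbf")

    custom = rule.get("custom_metadata") or {}
    clash = REGISTERED.intersection(custom)
    if clash:  # Assumption: refuse metadata that would overwrite a registered claim.
        raise ValueError(f"custom metadata collides with {sorted(clash)}")

    claims = {
        "iss": account["issuer"],
        "aud": rule["audience"],
        "sub": rule["subject"],
        # Assumption: millisecond inputs are emitted as RFC 7519 seconds.
        "iat": iat_ms // 1000, "nbf": nbf_ms // 1000, "exp": exp_ms // 1000,
        "jti": rule.get("token_id") or str(uuid.uuid4()),
        **custom,  # each key becomes a claim name, each value the claim value
    }
    header = {"alg": "HS256", "typ": "JWT"}
    if not rule.get("skip_key_id"):
        header["kid"] = account["key_alias"]  # Key ID defaults to the key's alias

    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(account["key"], signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def decode_part(token: str, index: int) -> dict:
    """Decode header (0) or claims (1) without verifying; for inspection only."""
    part = token.split(".")[index]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
```

With Token Location set to Header and the Bearer scheme, the returned string would be sent upstream as `Authorization: Bearer <token>`.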