Jwt-issuer-settings (Section)
Path: /profiles/profile{id, type}/token-issuers/default-token-issuer/jwt-issuer-settings
Parameters
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| clock-skew | uint32 | optional | 3 | The number of seconds by which token lifetimes and issue times should be skewed to accommodate clocks that may be out of sync |
| include-key-identifier | boolean | optional | true | Indicate whether to include the ‘kid’-claim in the JWT header. |
| include-sha-1-thumbprint | boolean | optional | true | Indicate whether to include the ‘x5t’-claim in the JWT header, that contains the SHA-1 thumbprint of the X.509 certificate. |
| include-sha-256-thumbprint | boolean | optional | false | Indicate whether to include the ‘x5t#S256’-claim in the JWT header, that contains the SHA-256 thumbprint of the X.509 certificate. |
| include-x509-certificate-chain | boolean | optional | false | Indicate whether to include the ‘x5c’-claim in the JWT header, that contains the X.509 public key certificate or certificate chain. |
| include-jwks | boolean | optional | false | Indicate whether to include the ‘jwk’-claim in the JWT header, that contains the verification key or the key that was used to encrypt the JWT. |
| include-jwks-uri | boolean | optional | false | Indicate whether to include the ‘jku’-claim in the JWT header, that contains the URL to the JWK Set resource that contains the verification key or the key that was used to encrypt the JWT. Note that tokens that are not issued in an OpenID Connect or OAuth context will not be able to include this field in the JWT header. |
| include-x5t-in-jwks | boolean | optional | true | Indicate whether to include the certificate thumbprint (‘x5t’) in the JWKS endpoint |
| include-x5c-in-jwks | boolean | optional | false | Indicate whether to include the certificate (‘x5c’) in the JWKS endpoint |
| algorithm | jwt-algorithm | optional | RS256 | The signing algorithm to use |
| signing-key-id | leafref | required | | A reference to a signing key entry in crypto facilities. Also used for signature verification if no signature verification key is selected. |
| verification-keystore-id | leafref | optional | | A reference to the key used to verify a signature issued by this token issuer. Must be of the same type as the selected signing key. |
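
The following added example (not the product's own code) shows which JOSE header fields the thumbprint and certificate flags above produce under their default values, and how a verifier can use `x5t` or `x5t#S256` to pick a certificate from its own pinned set. The function names, the `key-1` style key identifier and the placeholder certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib

# Defaults copied from the parameter table above.
DEFAULTS = {
    "include-key-identifier": True,
    "include-sha-1-thumbprint": True,
    "include-sha-256-thumbprint": False,
    "include-x509-certificate-chain": False,
    "algorithm": "RS256",
}

def b64url(data: bytes) -> str:
    """base64url without padding, as used for x5t and x5t#S256."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_header(cert_der: bytes, kid: str, overrides=None) -> dict:
    """Hypothetical helper: the JWT header these flags would result in."""
    cfg = {**DEFAULTS, **(overrides or {})}
    header = {"alg": cfg["algorithm"]}
    if cfg["include-key-identifier"]:
        header["kid"] = kid
    if cfg["include-sha-1-thumbprint"]:
        header["x5t"] = b64url(hashlib.sha1(cert_der).digest())
    if cfg["include-sha-256-thumbprint"]:
        header["x5t#S256"] = b64url(hashlib.sha256(cert_der).digest())
    if cfg["include-x509-certificate-chain"]:
        # x5c entries are standard base64 (padded), not base64url.
        header["x5c"] = [base64.b64encode(cert_der).decode("ascii")]
    return header

def select_pinned_cert(header: dict, pinned_ders: list):
    """Verifier side: return the locally pinned certificate whose thumbprint
    matches the header, preferring SHA-256 over SHA-1. The certificate in
    x5c is never used as the trust source here; None means no pinned match."""
    if "x5t#S256" in header:
        name, digest = "x5t#S256", hashlib.sha256
    elif "x5t" in header:
        name, digest = "x5t", hashlib.sha1
    else:
        return None
    for der in pinned_ders:
        if b64url(digest(der).digest()) == header[name]:
            return der
    return None

# Constructed placeholder bytes standing in for DER-encoded certificates.
CERT_A = b"constructed-der-certificate-A"
CERT_B = b"constructed-der-certificate-B"
```

With the defaults, only `alg`, `kid` and `x5t` appear in the header, so a verifier that wants a SHA-256 thumbprint needs `include-sha-256-thumbprint` enabled on the issuer.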