# Plug-in description

The JWT verification plug-in does not generate a token. The token is generated by the business. The plug-in only verifies that the token is legal. Supports verification of tokens using the following algorithms:

-HS256 -HS384 -HS512 -RS256 -RS384 -RS512 -ES256 -ES256K -ES384 -ES512

# Instructions for use

When a route requires JWT verification, you can add the JWT plug-in to the route details page for verification. The configuration is as follows:

# Global configuration

Support global default key configuration for plug-ins in Gateway Management->Plug-in Management. The custom configuration format is as follows:

{
"secretKey": "123456",
"secretKey_desc": "secret key for HS256/HS384/HS512 Algorithm",
"publicKey": "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4
yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9
83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs
WXI9C+yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT
69s7of9+I9l5lsJ9cozf1rxrXX4V1u/SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8
AziMCxS+VrRPDM+zfvpIJg3JljAh3PJHDiLu902v9w+Iplu1WyoB2aPfitxEhRN0
YwIDAQAB
-----END PUBLIC KEY-----",
"publicKey_desc": "public key for RS256/RS384/RS512/ES256/ES256K/ES384/ES512 Algorithm"
}
  • secretKey is the key used by the HS256/HS384/HS512 algorithm. If it is not these algorithms, it can be left blank.
  • publicKey is the public key used by the RS256/RS384/RS512/ES256/ES256K/ES384/ES512 algorithm. If it is not one of these algorithms, it can be left blank.
  • secretKey_desc description field
  • publicKey_desc description field

Routing-level key configuration has a higher priority than global keys. It is recommended to configure global keys.

# Routing level configuration

  • Key: If you have configured a global key configuration, you can leave it blank. If you do not configure a global key, each routing JWT plug-in needs to configure a key. When the JWT uses the HS256/HS384/HS512 algorithm, fill in the key to generate the token. When the JWT uses the RS256/RS384/RS512/ES256/ES256K/ES384/ES512 algorithm, fill in the public key (the public key is used to verify the token , the private key is used to generate the token).

  • You can customize the response message and HTTP status code when the token verification fails.

  • Extracting JWT Claims into the context is only used for secondary development and is not currently used.

# Caller passes parameters

The caller passes the Authorization request header when calling the interface, the format is: Authorization=Bearer token

Example:

Authorization=Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.keH6T3x1z7mmhKL1T3r9sQdAxxd zB6siemGMr_6ZOwU

appID management