jwt_resign
Purpose
jwt_resign re-signs an existing JWT token. The original algorithm is honored. This transform works with both request tokens (generator created) and response tokens (responder created).
- If the
nbfclaim is defined in the token, then it is set to 10/10/2015 - The
expset to now+2 days - The
iatclaim set to now (current time)
Usage
"type": "jwt_resign"
| Key | Description |
|---|---|
| secretPath | The local path of secret mounted to generator (this is done automatically by the operator. See howto). If working in Kubernetes, you can specify a secret using this format: ${{secret:secret_name/key_inside_the_secret}} |
| iss | (optional) A replacement for iss value |
| aud | (optional) A replacement for aud value |
| sub | (optional) A replacement for sub value |
| claims | (optional) key/val pairs to be overwritten into claims map (key1=val1,key2=val2) |
| prefixes | (optional) prefixes to accept before JWT (defaults to "Bearer "). Don't forget the space at the end if it is present. |
Example
"type": "jwt_resign",
"config": {
"iss": "new value",
"aud": "new value",
"sub": "new value",
"secretPath": "local path of secret mounted to generator",
"claims": "key1=val1",
"prefixes": "Bearer ,myBearer "
}