JWT with Keys
This page is marked as "earlydoc", which means that it more of a collection of notes and an early draft before this page turns into good documentation later on. It is hoped that this early form of documentation is useful to you, but please understand that most documentation pages are higher quality than this. If you have suggestions or comments, please do get in contact or consider contributing your suggestions to the OliveTin documentation. |
Using Public Keys via JWKS
OliveTin Supports JSON Web Key Sets (JWKS). This approach is often used with services like CloudFlare.
config.yaml
authJwtAud: "asdf1234"
authJwtCertsURL: "https://mydomain.cloudflareaccess.com/cdn-cgi/access/certs"
authJwtClaimUsername: email
authJwtCookieName: "CF_Authorization"
You may well want to set logLevel: DEBUG
and insecureAllowDumpJwtClaims: true
in your config when testing JWT for the first time.
Using Public Keys on Disk
This approach can be useful if your Authentication service does not support JWKS, or if you don’t want to use it. Public Keys should be available on disk in a file - which can have any filename or extension you like. The files need to be RSA keys in PEM format to be used by OliveTin, though. P12 is not supported.
config.yaml
authJwtAud: "asdf1234"
authJwtPubKeyPath: "/opt/mykey.crt"
authJwtClaimUsername: email
authJwtCookieName: "CF_Authorization"