{
"additionalProperties": false,
"description": "This action is used to control access to backend server resources using JSON Web Token(JWT) authentication. The JWT authentication is done before any HTTP manipulation if the HTTP request matches the given condition in LBRule. Any verification failed, the HTTP process will be terminated, and HTTP response with 401 status code and WWW-Authentication header will be returned to client.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBJwtAuthAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBJwtAuthAction"
},
"properties": {
"key": {
"$ref": "LBJwtKey,
"descrption": "Keys are used for verifying the signature of JWT token. In current\nversion, only symmetric (HMAC SHA256) key and asymmetric (RS256) key\nare supported. It is optional, in case no key specified, the jwt\nsignature won't be verified.\n",
"required": false,
"title": "LBJwtKey used for verifying the signature of JWT token"
},
"pass_jwt_to_pool": {
"default": false,
"description": "Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers.",
"required": false,
"title": "Whether to pass the JWT to backend server or remove it",
"type": "boolean"
},
"realm": {
"description": "A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be \"WWW-Authentication: Bearer realm=<realm>\".",
"required": false,
"title": "JWT realm",
"type": "string"
},
"tokens": {
"description": "JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request \"Authorization: Bearer <token>\".",
"items": {
"type": "string"
},
"required": false,
"title": "JWT tokens",
"type": "array"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to control access using JWT authentication",
"type": "object"
}