Field | Description |
Token issuer | Name of the JWT token issuer used by API Gateway. Note: The Token issuer value is case-sensitive. |
Algorithm | The cryptographic algorithm to sign JSON Web Tolens (JWTs). Supported values are: RS256, RS384, and RS512. |
Expiry duration | The duration (in minutes) for which the token is valid. For example, the value 60 denotes that the access token will expire in one hour from the time the token was generated. |
Audience | Optional. The intended recipient of the token. The application that receives the token must verify that the audience value is correct and reject any tokens intended for a different audience. |
Keystore alias | Alias of the keystore containing the private key that is used to sign JWTs. The Keystore alias field contains a list of the available keystore aliases in API Gateway. If there are no configured keystore aliases, this field displays the DEFAULT_IS_KEYSTORE. |
Key alias | Alias of the private key used to sign JWTs. The Key alias field contains a list of the available aliases in the selected keystore. If there are no configured keystores, this field is empty. |
Discovery endpoints | Specifies the discovery endpoint of a JWT where you can find the endpoints to fetch JWT token, public certificates, token issuer and algorithm. The discovery endpoint contains the following details of the JWT token: issuer: The value given in the Token Issuer of the JWT configuration. token_endpoint: Specifies the endpoint to fetch the JWT token. jwks_uri : Specifies JSON Web Key Signature endpoint to fetch the corresponding public certificate for the keystore configured in the JWT configuration. jwt_token_signing_alg_values_supported: Specifies the algorithm specified in the JWT configuration. expiry: Specifies the expiry time that specifies the time in minutes for which the token is valid as specified in JWT configuration. Note: The discovery endpoint displayed is based on the port configured and the extended setting configured. For example if pg_jwt_isHTTPS is set to true then you have to configure only the HTTPS port. If there is no HTTPS port and the pg_jwt_isHTTPs is set to true there is no discovery endpoint displayed. |