apm oauth jwt-config
apm oauth jwt-config(1) BIG-IP TMSH Manual apm oauth jwt-config(1)
NAME
jwt-config - Manages JSON web tokens to be used with Client/RS.
MODULE
apm oauth
SYNTAX
Configure the jwt-config component within the oauth module using the following syntax.
CREATE/MODIFY
create jwt-config [name] modify jwt-config [name]
options:
access-token-expires-in [integer]
allowed-keys [add | delete | replace-all-with] {
[name]
}
allowed-signing-algorithms [none | HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384]
app-service [[string] | none]
audience [[string] | none]
auto-generated [bool]
blacklist-access-tokens [add | delete | modify | none | replace-all-with] {
name [string] {
app-service [[string] | none]
value-list [add | delete | none | replace-all-with] {
name [string]
}
}
}
blocked-keys [add | delete | replace-all-with] {
[name]
}
blocked-signing-algorithms [none | HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384]
issuer [[string] | none]
jwks-uri [[string] | none]
use-jwt-provider-list-settings [bool]
edit jwt-config [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DISPLAY
list jwt-config
list jwt-config [ [ [name] | [glob] | [regex] ] ... ]
show running-config jwt-config
show running-config jwt-config [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DELETE
delete jwt-config [name]
DESCRIPTION
You can use jwt-config component for JWT config management to be used by Client/RS.
EXAMPLES
create jwt-config myJwt {
allowed-keys {
myJwk1 { }
myJwk2 { }
myJwk3 { }
}
allowed-signing-algorithms { RS256 }
issuer https://abc.com
}
Creates a JSON web token named myJwt that allows signing algorithm RS256 and JSON web keys myJwk1, myJwk2, myJwk3 and
the issuer is https://abc.com.
list jwt-config
Displays a list of registered JSON web tokens.
delete jwt-config myJwt
Deletes the JSON web token myJwt.
OPTIONS
access-token-expires-in
Specifies the number of minutes the access token should live. Default value is 0, which means the token never expires.
allowed-keys
Specifies the list of allowed JSON web keys for the token.
allowed-signing-algorithms
Specifies the list of allowed signing algorithms for the token.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
audience
Specifies the audience for the token.
auto-generated
Specifies whether this token was configured manually or was generated through auto-discovery. This is a read-only
attribute.
blacklist-access-tokens
Specifies key-value-list that can be used to blacklist tokens based on the key and the list of values for that key.
blocked-keys
Specifies the list of blocked JSON web keys for the token.
blocked-signing-algorithms
Specifies the list of blocked signing algorithms for the token.
issuer
Specifies the issuer of the token.
jwks-uri
Specifies the location of public signing keys for an OAuth Provider. This field is read-only.
use-jwt-provider-list-settings
Specifies whether the settings configured in jwt-provider-list of which this JWT config is a part, should be used. The
default value is true.
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2016, 2017. All rights reserved.
BIG-IP 2017-06-29 apm oauth jwt-config(1)