apm oauth jwt-config
apm oauth jwt-config(1) BIG-IP TMSH Manual apm oauth jwt-config(1)
NAME
jwt-config - Manages JSON web tokens to be used with Client/RS.
MODULE
apm oauth
SYNTAX
Configure the jwt-config component within the oauth module using the
following syntax.
CREATE/MODIFY
create jwt-config [name]
modify jwt-config [name]
  options:
    access-token-expires-in [integer]
    allowed-keys [add | delete | replace-all-with] {
        [name]
    }
    allowed-signing-algorithms [none | HS256 | HS384 | HS512 | RS256 |
        RS384 | RS512 | ES256 | ES384]
    app-service [[string] | none]
    audience [[string] | none]
    auto-generated [bool]
    blacklist-access-tokens [add | delete | modify | none |
        replace-all-with] {
        name [string] {
            app-service [[string] | none]
            value-list [add | delete | none | replace-all-with] {
                name [string]
            }
        }
    }
    blocked-keys [add | delete | replace-all-with] {
        [name]
    }
    blocked-signing-algorithms [none | HS256 | HS384 | HS512 | RS256 |
        RS384 | RS512 | ES256 | ES384]
    issuer [[string] | none]
    jwks-uri [[string] | none]
    use-jwt-provider-list-settings [bool]
edit jwt-config [ [ [name] | [glob] | [regex] ] ... ]
  options:
    all-properties
    non-default-properties
    one-line
DISPLAY
list jwt-config
list jwt-config [ [ [name] | [glob] | [regex] ] ... ]
show running-config jwt-config
show running-config jwt-config [ [ [name] | [glob] | [regex] ] ... ]
  options:
    all-properties
    non-default-properties
    one-line
DELETE
delete jwt-config [name]
DESCRIPTION
You can use the jwt-config component to manage the JWT configuration
used by Client/RS.
EXAMPLES
create jwt-config myJwt {
    allowed-keys {
        myJwk1 { }
        myJwk2 { }
        myJwk3 { }
    }
    allowed-signing-algorithms { RS256 }
    issuer https://abc.com
}
Creates a JSON web token configuration named myJwt that allows the
RS256 signing algorithm and the JSON web keys myJwk1, myJwk2, and
myJwk3, with the issuer https://abc.com.
list jwt-config
Displays a list of registered JSON web tokens.
delete jwt-config myJwt
Deletes the JSON web token myJwt.
OPTIONS
access-token-expires-in
Specifies the number of minutes the access token should live.
Default value is 0, which means the token never expires.
allowed-keys
Specifies the list of allowed JSON web keys for the token.
allowed-signing-algorithms
Specifies the list of allowed signing algorithms for the token.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
audience
Specifies the audience for the token.
auto-generated
Specifies whether this token was configured manually or was
generated through auto-discovery. This is a read-only attribute.
blacklist-access-tokens
Specifies a key-value list that can be used to blacklist tokens
based on the key and the list of values for that key.
blocked-keys
Specifies the list of blocked JSON web keys for the token.
blocked-signing-algorithms
Specifies the list of blocked signing algorithms for the token.
issuer
Specifies the issuer of the token.
jwks-uri
Specifies the location of public signing keys for an OAuth
Provider. This field is read-only.
use-jwt-provider-list-settings
Specifies whether to use the settings configured in the
jwt-provider-list of which this JWT config is a part. The default
value is true.
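Added example (not part of the F5 manual): a Python check that reads the text printed by list jwt-config all-properties and reports, per object, the settings the OPTIONS text above leaves open, such as access-token-expires-in 0, which means the token never expires. The sample listing is constructed; the "apm oauth jwt-config <name> {" header line and treating an absent property as unset are assumptions, and settings inherited from a jwt-provider-list are not considered.

```python
import re

# Constructed sample in the EXAMPLES syntax; the header line format is assumed.
SAMPLE = """\
apm oauth jwt-config myJwt {
    access-token-expires-in 60
    allowed-keys { myJwk1 { } myJwk2 { } }
    allowed-signing-algorithms { RS256 }
    audience https://api.example.test
    issuer https://abc.com
}
apm oauth jwt-config legacyJwt {
    access-token-expires-in 0
    allowed-signing-algorithms none
    issuer none
}
"""

def parse(text):
    """Return {object name: {property: scalar string or list of item names}}."""
    toks, objs, i = re.findall(r"[{}]|[^\s{}]+", text), {}, 0
    while i < len(toks):
        if toks[i:i + 3] != ["apm", "oauth", "jwt-config"] or toks[i + 4:i + 5] != ["{"]:
            raise ValueError("expected 'apm oauth jwt-config <name> {'")
        name, props, i = toks[i + 3], {}, i + 5
        while toks[i] != "}":
            key = toks[i]
            if toks[i + 1] == "{":  # braced list, possibly nested: keep item names
                depth, items, i = 1, [], i + 2
                while depth:
                    depth += {"{": 1, "}": -1}.get(toks[i], 0)
                    if toks[i] not in ("{", "}"):
                        items.append(toks[i])
                    i += 1
                props[key] = items
            else:  # scalar form: key value
                props[key], i = toks[i + 1], i + 2
        objs[name], i = props, i + 1
    return objs

def audit(objs):
    """Return {name: [findings]}; absent counts as unset, expires-in 0 as never."""
    out = {}
    for name, p in objs.items():
        f = ["access token never expires"] if int(p.get("access-token-expires-in", 0)) == 0 else []
        f += [f"{k} is empty" for k in ("allowed-keys", "allowed-signing-algorithms")
              if p.get(k, "none") in ("none", [])]
        f += [f"{k} not set" for k in ("issuer", "audience") if p.get(k, "none") == "none"]
        out[name] = f
    return out
```

Run against the EXAMPLES object as written above, audit() reports that myJwt never expires its access tokens and has no audience set.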
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2016, 2017. All rights
reserved.
BIG-IP 2017-06-29 apm oauth jwt-config(1)