JWT authentication provider

Config key: jwt

This type provides the following service implementations:

  • io.helidon.security.spi.SecurityProvider

  • io.helidon.security.spi.AuthenticationProvider

Configuration options

Table 1. Optional configuration options (key, type, default value, description)

allow-impersonation (boolean, default: false)
  Whether to allow impersonation by explicitly overriding the username of outbound requests using the io.helidon.security.EndpointConfig.PROPERTY_OUTBOUND_ID property. By default this is not allowed and the identity can only be propagated.

allow-unsigned (boolean, default: false)
  Configure support for unsigned JWTs. If this is set to true, any JWT whose algorithm is set to none and that has no kid defined will be accepted. Note that this has a serious security impact: if a JWT can be sent by a third party, this allows that third party to send ANY JWT and it will be accepted as valid.

atn-token.handler
  Token handler used to extract the username from the request.

atn-token.jwk.resource
  JWK resource used to verify JWTs created by other parties.

atn-token.jwt-audience (string)
  Audience expected in inbound JWTs.

atn-token.verify-signature (boolean, default: true)
  Whether to verify signatures. Signature verification is enabled by default; the provider can be configured not to verify signatures. If signature verification is disabled, this service will accept ANY JWT, so make sure the service is properly secured at the network level and is only reachable from a secure endpoint that provides the JWTs.

authenticate (boolean, default: true)
  Whether to authenticate requests.

optional (boolean, default: false)
  Whether authentication is optional. By default the request fails if the username cannot be extracted. If set to true, the request is processed and this provider abstains.

principal-type (SubjectType: USER or SERVICE, default: USER)
  Principal type this provider extracts (and also propagates).

propagate (boolean, default: true)
  Whether to propagate identity.

sign-token
  Configuration of outbound rules.

sign-token.jwk.resource
  JWK resource used to sign JWTs created by us.

sign-token.jwt-issuer (string)
  Issuer used to create new JWTs.

use-jwt-groups (boolean, default: true)
  The groups claim from the JWT is used to automatically add groups to the current subject (may be used with the jakarta.annotation.security.RolesAllowed annotation).
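The following is an added configuration example, not taken from the Helidon documentation, showing how the keys in Table 1 fit together in one jwt provider entry with the security-sensitive options set explicitly. The nesting under security.providers, the resource-path sub-key of a JWK resource and the header/prefix sub-keys of the token handler are assumed from other parts of Helidon's configuration rather than from this page; every file path, audience and issuer value is a constructed placeholder.

```yaml
# Added example (not from the Helidon reference page).
# Assumed: nesting under security.providers, the Resource sub-key
# resource-path and the TokenHandler sub-keys header/prefix.
# All values below are constructed placeholders.
security:
  providers:
    - jwt:
        # Inbound side: where the token is read from and how it is checked.
        atn-token:
          handler:
            header: "Authorization"
            prefix: "bearer "
          jwk:
            resource:
              resource-path: "verify-jwk.json"   # public JWKS of the trusted issuer
          jwt-audience: "https://api.example.test"
          # Default is true. Disabling it makes the service accept ANY JWT,
          # which is only acceptable when the network path alone is trusted.
          verify-signature: true
        # Outbound side: how JWTs created by this service are signed.
        sign-token:
          jwk:
            resource:
              resource-path: "sign-jwk.json"     # this service's private signing JWK
          jwt-issuer: "https://auth.example.test"
        # Hardening options, stated explicitly even though these are the defaults.
        allow-unsigned: false        # true would accept any token with alg "none" and no kid
        allow-impersonation: false   # identity is propagated, never overridden
        optional: false              # fail the request when no usable token is present
        principal-type: USER
        propagate: true
        use-jwt-groups: true         # map the JWT "groups" claim onto the subject
```

The nested form (atn-token > jwk > resource) is the same configuration as the dotted keys in Table 1, such as atn-token.jwk.resource. Keeping allow-unsigned, allow-impersonation and verify-signature written out makes a review of the file show the weakening options at a glance instead of relying on readers knowing the defaults.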