Edge Route JWT Validation Module
Replace HTTPS Edge Route JWT Validation Module
Request
PUT /edges/https/{edge_id}/routes/{id}/jwt_validation
Example Request
curl \
-X PUT \
-H "Authorization: Bearer {API_KEY}" \
-H "Content-Type: application/json" \
-H "Ngrok-Version: 2" \
-d '{"enabled":true,"issuer":{"allow_list":[{"value":"https://dev-72114178.okta.com/oauth2/default"}]},"audience":{"allow_list":[{"value":"api://default"}]},"http":{"tokens":[{"type":"at+jwt","method":"header","name":"Authorization","prefix":"Bearer "}]},"jws":{"allowed_algorithms":["RS256","ES256"],"keys":{"sources":{"additional_jkus":["https://dev-72114178.okta.com/oauth2/default/v1/keys"]}}}}' \
https://api.ngrok.com/edges/https/edghts_2bMmWzYWLzzKgJYEmATUCeKyXC7/routes/edghtsrt_2bMmWyYf66VUxm5wo7sfcLgrHoH/jwt_validation
Parameters
| Name | Type | Description |
|---|---|---|
enabled | boolean | true if the module will be applied to traffic, false to disable. default true if unspecified |
issuer | EndpointJWTValidationIssuerConfig | configuration about the Issuer(s) of the JWTs. |
audience | EndpointJWTValidationAudienceConfig | configuration about the Audience(s) of the JWTs. |
http | EndpointJWTValidationHTTPConfig | configuration about the HTTP requests containing JWTs. |
jws | EndpointJWTValidationSigningConfig | configuration about signed JWTs (JWS). |
EndpointJWTValidationIssuerConfig parameters
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationIssuer | the list of allowed issuers. |
EndpointJWTValidationIssuer parameters
| Name | Type | Description |
|---|---|---|
value | string | the URL of the issuer. |
EndpointJWTValidationAudienceConfig parameters
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationAudience | the list of allowed audiences. |
EndpointJWTValidationAudience parameters
| Name | Type | Description |
|---|---|---|
value | string | the audience value. |
EndpointJWTValidationHTTPConfig parameters
| Name | Type | Description |
|---|---|---|
tokens | EndpointJWTValidationHTTPToken | the list of tokens to validate. |
EndpointJWTValidationHTTPToken parameters
| Name | Type | Description |
|---|---|---|
type | string | the type of the JWT, which acts as a hint to ngrok about how to parse. Must be one of "jwt", "at+jwt", or "it+jwt". |
method | string | the type of location to expect the JWT. Must be one of "header" or "body". |
name | string | the name of the header or body field where the JWT is expected. |
prefix | string | any prefix to strip from the JWT before parsing. |
EndpointJWTValidationSigningConfig parameters
| Name | Type | Description |
|---|---|---|
allowed_algorithms | List<string> | the list of allowed signing algorithms. |
keys | EndpointJWTValidationSigningKeys | the configuration for the JWT signing keys. |
EndpointJWTValidationSigningKeys parameters
| Name | Type | Description |
|---|---|---|
sources | EndpointJWTValidationSigningKeySources | the configuration for acquiring the key material used to verify the signed JWTs. |
EndpointJWTValidationSigningKeySources parameters
| Name | Type | Description |
|---|---|---|
additional_jkus | List<string> | the list of URLs which serve the possible signing keys in JWKS format. |
Response
Returns a 200 response on success
Example Response
{
"enabled": true,
"issuer": {
"allow_list": [
{
"value": "https://dev-72114178.okta.com/oauth2/default"
}
]
},
"audience": {
"allow_list": [
{
"value": "api://default"
}
]
},
"http": {
"tokens": [
{
"type": "at+jwt",
"method": "header",
"name": "Authorization",
"prefix": "Bearer "
}
]
},
"jws": {
"allowed_algorithms": ["RS256", "ES256"],
"keys": {
"sources": {
"additional_jkus": [
"https://dev-72114178.okta.com/oauth2/default/v1/keys"
]
}
}
}
}
Fields
| Name | Type | Description |
|---|---|---|
enabled | boolean | true if the module will be applied to traffic, false to disable. default true if unspecified |
issuer | EndpointJWTValidationIssuerConfig | configuration about the Issuer(s) of the JWTs. |
audience | EndpointJWTValidationAudienceConfig | configuration about the Audience(s) of the JWTs. |
http | EndpointJWTValidationHTTPConfig | configuration about the HTTP requests containing JWTs. |
jws | EndpointJWTValidationSigningConfig | configuration about signed JWTs (JWS). |
EndpointJWTValidationIssuerConfig fields
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationIssuer | the list of allowed issuers. |
EndpointJWTValidationIssuer fields
| Name | Type | Description |
|---|---|---|
value | string | the URL of the issuer. |
EndpointJWTValidationAudienceConfig fields
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationAudience | the list of allowed audiences. |
EndpointJWTValidationAudience fields
| Name | Type | Description |
|---|---|---|
value | string | the audience value. |
EndpointJWTValidationHTTPConfig fields
| Name | Type | Description |
|---|---|---|
tokens | EndpointJWTValidationHTTPToken | the list of tokens to validate. |
EndpointJWTValidationHTTPToken fields
| Name | Type | Description |
|---|---|---|
type | string | the type of the JWT, which acts as a hint to ngrok about how to parse. Must be one of "jwt", "at+jwt", or "it+jwt". |
method | string | the type of location to expect the JWT. Must be one of "header" or "body". |
name | string | the name of the header or body field where the JWT is expected. |
prefix | string | any prefix to strip from the JWT before parsing. |
EndpointJWTValidationSigningConfig fields
| Name | Type | Description |
|---|---|---|
allowed_algorithms | List<string> | the list of allowed signing algorithms. |
keys | EndpointJWTValidationSigningKeys | the configuration for the JWT signing keys. |
EndpointJWTValidationSigningKeys fields
| Name | Type | Description |
|---|---|---|
sources | EndpointJWTValidationSigningKeySources | the configuration for acquiring the key material used to verify the signed JWTs. |
EndpointJWTValidationSigningKeySources fields
| Name | Type | Description |
|---|---|---|
additional_jkus | List<string> | the list of URLs which serve the possible signing keys in JWKS format. |
Get HTTPS Edge Route JWT Validation Module
Request
GET /edges/https/{edge_id}/routes/{id}/jwt_validation
Example Request
curl \
-X GET \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/edges/https/edghts_2bMmWzYWLzzKgJYEmATUCeKyXC7/routes/edghtsrt_2bMmWyYf66VUxm5wo7sfcLgrHoH/jwt_validation
Response
Returns a 200 response on success
Example Response
{
"enabled": true,
"issuer": {
"allow_list": [
{
"value": "https://dev-72114178.okta.com/oauth2/default"
}
]
},
"audience": {
"allow_list": [
{
"value": "api://default"
}
]
},
"http": {
"tokens": [
{
"type": "at+jwt",
"method": "header",
"name": "Authorization",
"prefix": "Bearer "
}
]
},
"jws": {
"allowed_algorithms": ["RS256", "ES256"],
"keys": {
"sources": {
"additional_jkus": [
"https://dev-72114178.okta.com/oauth2/default/v1/keys"
]
}
}
}
}
Fields
| Name | Type | Description |
|---|---|---|
enabled | boolean | true if the module will be applied to traffic, false to disable. default true if unspecified |
issuer | EndpointJWTValidationIssuerConfig | configuration about the Issuer(s) of the JWTs. |
audience | EndpointJWTValidationAudienceConfig | configuration about the Audience(s) of the JWTs. |
http | EndpointJWTValidationHTTPConfig | configuration about the HTTP requests containing JWTs. |
jws | EndpointJWTValidationSigningConfig | configuration about signed JWTs (JWS). |
EndpointJWTValidationIssuerConfig fields
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationIssuer | the list of allowed issuers. |
EndpointJWTValidationIssuer fields
| Name | Type | Description |
|---|---|---|
value | string | the URL of the issuer. |
EndpointJWTValidationAudienceConfig fields
| Name | Type | Description |
|---|---|---|
allow_list | EndpointJWTValidationAudience | the list of allowed audiences. |
EndpointJWTValidationAudience fields
| Name | Type | Description |
|---|---|---|
value | string | the audience value. |
EndpointJWTValidationHTTPConfig fields
| Name | Type | Description |
|---|---|---|
tokens | EndpointJWTValidationHTTPToken | the list of tokens to validate. |
EndpointJWTValidationHTTPToken fields
| Name | Type | Description |
|---|---|---|
type | string | the type of the JWT, which acts as a hint to ngrok about how to parse. Must be one of "jwt", "at+jwt", or "it+jwt". |
method | string | the type of location to expect the JWT. Must be one of "header" or "body". |
name | string | the name of the header or body field where the JWT is expected. |
prefix | string | any prefix to strip from the JWT before parsing. |
EndpointJWTValidationSigningConfig fields
| Name | Type | Description |
|---|---|---|
allowed_algorithms | List<string> | the list of allowed signing algorithms. |
keys | EndpointJWTValidationSigningKeys | the configuration for the JWT signing keys. |
EndpointJWTValidationSigningKeys fields
| Name | Type | Description |
|---|---|---|
sources | EndpointJWTValidationSigningKeySources | the configuration for acquiring the key material used to verify the signed JWTs. |
EndpointJWTValidationSigningKeySources fields
| Name | Type | Description |
|---|---|---|
additional_jkus | List<string> | the list of URLs which serve the possible signing keys in JWKS format. |
Delete HTTPS Edge Route JWT Validation Module
Request
DELETE /edges/https/{edge_id}/routes/{id}/jwt_validation
Example Request
curl \
-X DELETE \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/edges/https/edghts_2bMmWzYWLzzKgJYEmATUCeKyXC7/routes/edghtsrt_2bMmWyYf66VUxm5wo7sfcLgrHoH/jwt_validation
Response
Returns a 204 response with no body on success