Skip to content

Commit

Permalink
docs: update jwt-auth docs (#11785)
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikyll
mikyll authored Dec 5, 2024
1 parent 522724c commit d599d20
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
14 changes: 7 additions & 7 deletions docs/en/latest/plugins/jwt-auth.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,18 +47,18 @@ For Consumer:
| exp | integer | False | 86400 | [1,...] | Expiry time of the token in seconds. |
| base64_secret | boolean | False | false | | Set to true if the secret is base64 encoded. |
| lifetime_grace_period | integer | False | 0 | [0,...] | Define the leeway in seconds to account for clock skew between the server that generated the jwt and the server validating it. Value should be zero (0) or a positive integer. |
| key_claim_name | string | False | key | | The name of the JWT claim that contains the user key (corresponds to Consumer's key attribute). |

NOTE: `encrypt_fields = {"secret"}` is also defined in the schema, which means that the field will be stored encrypted in etcd. See [encrypted storage fields](../plugin-develop.md#encrypted-storage-fields).

For Route:

| Name | Type | Required | Default | Description |
|--------|--------|----------|---------------|---------------------------------------------------------------------|
| header | string | False | authorization | The header to get the token from. |
| query | string | False | jwt | The query string to get the token from. Lower priority than header. |
| cookie | string | False | jwt | The cookie to get the token from. Lower priority than query. |
| hide_credentials | boolean | False | false | Set to true will not pass the authorization request of header\query\cookie to the Upstream.|
| Name | Type | Required | Default | Description |
|------------------|---------|----------|---------------|-------------------------------------------------------------------------------------------------|
| header | string | False | authorization | The header to get the token from. |
| query | string | False | jwt | The query string to get the token from. Lower priority than header. |
| cookie | string | False | jwt | The cookie to get the token from. Lower priority than query. |
| hide_credentials | boolean | False | false | Set to true will not pass the authorization request of header\query\cookie to the Upstream. |
| key_claim_name | string | False | key | The name of the JWT claim that contains the user key (corresponds to Consumer's key attribute). |

You can implement `jwt-auth` with [HashiCorp Vault](https://www.vaultproject.io/) to store and fetch secrets and RSA keys pairs from its [encrypted KV engine](https://developer.hashicorp.com/vault/docs/secrets/kv) using the [APISIX Secret](../terminology/secret.md) resource.

Expand Down
1 change: 1 addition & 0 deletions docs/zh/latest/plugins/jwt-auth.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ Route 端:
| query | string || jwt | 设置我们从哪个 query string 获取 token,优先级低于 header。 |
| cookie | string || jwt | 设置我们从哪个 cookie 获取 token,优先级低于 query。 |
| hide_credentials | boolean || false | 该参数设置为 `true` 时,则不会将含有认证信息的 header\query\cookie 传递给 Upstream。|
| key_claim_name | string || key | 包含用户密钥(对应消费者的密钥属性)的 JWT 声明的名称。|

您可以使用 [HashiCorp Vault](https://www.vaultproject.io/) 实施 `jwt-auth`,以从其[加密的 KV 引擎](https://developer.hashicorp.com/vault/docs/secrets/kv) 使用 [APISIX Secret](../terminology/secret.md) 资源。

Expand Down

0 comments on commit d599d20

Please sign in to comment.