Airlock Microgateway supports JWT-based authorization in the premium edition. Restrictions can be applied to token claims, and the roles required for accessing mappings can be extracted from the token. If any extraction method is enabled, a matching token sent with the request is verified and decoded. The request is rejected if the JWT is missing (when it is mandatory), is invalid, violates any claim restriction, or does not provide the credentials needed to access the mapping. For a configured redirect, rejection results in a redirect to the denied access URL; all other authentication flows result in a response with HTTP status code 403.
Configuration of JWKS requires settings for:
- JWKS providers for local or remote JWKS sources.
- Configuration of access control using a JWKS source in mappings.
JWKS can be configured using the DSL options starting with `jwks_providers`. For details on all available options, refer to the DSL reference.
JWKS providers can be configured as a static source deployed with the gateway (`jwks_providers.local[]`) or as an external service (`jwks_providers.remote[]`).
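The rejection rules from the opening paragraph, as an added Python example that is not Airlock's implementation or DSL: it verifies a token against a constructed local JWKS holding one symmetric HS256 key, then applies claim restrictions and a role check. The function names, the `roles` claim name, the required `exp` claim, the 302 redirect status and the handling of an absent optional token are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed sample key material

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed local JWKS holding one symmetric (kty "oct") key.
JWKS = {"keys": [{"kty": "oct", "kid": "demo-1", "alg": "HS256", "k": b64e(SECRET)}]}

def sign(claims, secret=SECRET, kid="demo-1"):
    """Build a constructed HS256 token to feed the checks below."""
    head = b64e(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify(token, jwks):
    """Return the claims dict if the signature matches a JWKS key, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        key = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        # Pin the algorithm to the key entry instead of trusting the header.
        if key["kty"] != "oct" or key["alg"] != "HS256" or header["alg"] != "HS256":
            return None
        mac = hmac.new(b64d(key["k"]), f"{head}.{body}".encode(), hashlib.sha256).digest()
        claims = json.loads(b64d(body))
        ok = hmac.compare_digest(mac, b64d(sig)) and isinstance(claims, dict)
        return claims if ok else None
    except (ValueError, KeyError, TypeError, StopIteration, AttributeError):
        return None

def authorize(token, jwks, restrictions, role, mandatory=True, denied_url=None):
    """Return (status, location) following the rejection rules in the text."""
    deny = (302, denied_url) if denied_url else (403, None)  # 302 is an assumption
    if token is None:
        return deny if mandatory else (200, None)  # assumption: optional token may be absent
    claims = verify(token, jwks)
    exp = claims.get("exp") if claims else None
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return deny  # bad signature, malformed token, or expired
    if any(claims.get(n) != v for n, v in restrictions.items()):
        return deny  # claim restriction violated
    roles = claims.get("roles")  # "roles" claim name is an assumption
    return (200, None) if isinstance(roles, list) and role in roles else deny
```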