JWKS access tokens

JWK is a JSON representation of cryptographic keys widely used in the context of JWT. A set of such keys is known as JWKS, a JSON Web Key Set. JWKS is also the format used by the gateway to configure verification of access tokens.

JWT-based authorization at a glance

Airlock Microgateway supports authorization based on JWT in the premium edition. Restrictions can be applied to token claims, and the roles required for accessing mappings can be extracted from the token. If any extraction method is enabled, a matching token sent with the request is verified and decoded. The request is rejected if the JWT is missing (when a token is mandatory), is invalid, violates any claim restriction, or does not provide the credentials needed to access the mapping. For a configured redirect, rejection results in a redirect to the denied access URL; all other authentication flows result in a response with HTTP status code 403.
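
The decision flow described above, as an added Python sketch (not Airlock Microgateway code or configuration): select the JWKS key by `kid`, verify the signature, apply claim restrictions, then check the role. The names `authorize`, `restrictions`, the `roles` claim, the `demo-1` key and the use of a symmetric HS256 key are assumptions made so the example runs with the standard library only; a redirect flow would answer with the denied access URL where this sketch returns 403.

```python
import base64, hashlib, hmac, json

def b64d(s):  # base64url decode, restoring stripped padding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):  # base64url encode without padding
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one
# Constructed JWKS holding one symmetric key (kty "oct", RFC 7518).
JWKS = {"keys": [{"kty": "oct", "kid": "demo-1", "alg": "HS256", "k": b64e(SECRET)}]}

def make_token(claims, header=None, key=SECRET):
    """Build a constructed token for the demo."""
    head = b64e(json.dumps(header or {"alg": "HS256", "kid": "demo-1"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def authorize(token, jwks, restrictions, required_role, now, mandatory=True):
    """Return (status, reason): 200 forwards the request, 403 rejects it."""
    if not token:
        return (403, "missing token") if mandatory else (200, "no token required")
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        # Select the key by kid; the algorithm is pinned by the JWKS entry,
        # so a header claiming "none" or another algorithm is refused.
        jwk = next(k for k in jwks["keys"] if k.get("kid") == header.get("kid"))
        if jwk.get("alg") != "HS256" or header.get("alg") != jwk["alg"]:
            return 403, "algorithm not allowed"
        good = hmac.new(b64d(jwk["k"]), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            return 403, "bad signature"
        claims = json.loads(b64d(body))
        exp, roles = claims.get("exp"), claims.get("roles")  # "roles" is an assumed claim name
    except (ValueError, KeyError, StopIteration, AttributeError, TypeError):
        return 403, "invalid token"
    if not isinstance(exp, (int, float)) or exp <= now:
        return 403, "expired"
    for name, wanted in restrictions.items():
        if claims.get(name) != wanted:
            return 403, f"claim restriction violated: {name}"
    if not isinstance(roles, list) or required_role not in roles:
        return 403, "required role missing"
    return 200, "ok"
```

Deployments that publish a JWKS normally use asymmetric keys (RSA or EC), so that the verifier holds only public key material.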