Parameters
See plugin common configurations for configuration options available to all plugins.
Consumers
The following are plugin attributes available for configurations on consumers.
key
string
required
Unique key for a consumer.
secret
string
The encryption key. Automatically generated if unspecified. The secret is encrypted with AES before saving to etcd. You can also keep secrets in a secret manager, such as HashiCorp Vault's KV secrets engine. See secrets for more details.
public_key
string
required
RSA or ECDSA public key.
private_key
string
required
RSA or ECDSA private key. The private key is encrypted with AES before saving to etcd. You can also keep the private key in a secret manager, such as HashiCorp Vault's KV secrets engine. See secrets for more details.
algorithm
string
default:
HS256
vaild vaule:
HS256
,HS512
,RS256
, orES256
Encryption algorithm.
exp
integer
default:
86400
vaild vaule:
greater or equal to 1
Expiry time of the token in seconds.
base64_secret
boolean
default:
false
If true, encode the secret with base64.
lifetime_grace_period
integer
default:
0
vaild vaule:
greater or equal to 0
Grace period in seconds. Used to account for clock skew between the server generating the JWT and the server validating the JWT.
Routes or Services
The following are plugin attributes available for configurations on routes or services.
header
string
default:
authorization
The header to get the token from.
query
string
default:
jwt
The query string to get the token from. Lower priority than header.
cookie
string
default:
jwt
The cookie to get the token from. Lower priority than query.
hide_credentials
boolean
default:
false
If true, do not pass the header, query, or cookie with JWT to upstream services.