Parameters
See plugin common configurations for configuration options available to all plugins.
Consumers
The following are plugin attributes available for configurations on consumers.
key
string
required
Unique key for a consumer.
secret
string
The encryption key. Automatically generated if unspecified. The secret is encrypted with AES before saving to etcd. You can also keep secrets in a secret manager, such as HashiCorp Vault's KV secrets engine. See secrets for more details.
public_key
string
required
RSA or ECDSA public key.
private_key
string
required
RSA or ECDSA private key. The private key is encrypted with AES before saving to etcd. You can also keep the private key in a secret manager, such as HashiCorp Vault's KV secrets engine. See secrets for more details.
algorithm
string
default:
HS256vaild vaule:
HS256,HS512,RS256, orES256Encryption algorithm.
exp
integer
default:
86400vaild vaule:
greater or equal to 1
Expiry time of the token in seconds.
base64_secret
boolean
default:
falseIf true, encode the secret with base64.
lifetime_grace_period
integer
default:
0vaild vaule:
greater or equal to 0
Grace period in seconds. Used to account for clock skew between the server generating the JWT and the server validating the JWT.
Routes or Services
The following are plugin attributes available for configurations on routes or services.
header
string
default:
authorizationThe header to get the token from.
query
string
default:
jwtThe query string to get the token from. Lower priority than header.
cookie
string
default:
jwtThe cookie to get the token from. Lower priority than query.
hide_credentials
boolean
default:
falseIf true, do not pass the header, query, or cookie with JWT to upstream services.