Versions Compared

Version Old Version 11 New Version 12
Changes made by

Kam Heng Choy

Kam Heng Choy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

false

JSON Web Key Set (JWKS) endpoint of an OpenID Connect (OIDC) server. For example,https://<server_domain>/.well-known/jwks.json

The JWKS endpoint returns the public key set in JSON format shown below, that can be used to validate the signature of the JWT (token) issued by the OIDC provider.

ParameterDescription
openIdServer

This is the URL for the JWKS server. It stores the JWKS in the cache.

Info
icon
Info

JWKS Cache

The cache is accessible only from the backend and cannot be updated by users. It is used to reduce the number of connections to the openIdServer and will be reset if the workflow is aborted.

Code Block
{
  	"[openIdServer + kid #1]": {
  	  "use": "sig",
  	  "kty": "RSA",
	    "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafb",
	    "alg": "RS256",
	    "n": "** public key in here **",
  	  "e": "AQAB"
  	},
  	"[openIdServer + kid #2]": {
	    "use": "sig",
  	  "kty": "RSA",
  	  "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafa",
  	  "alg": "RS256",
	    "n": "** public key in here **",
	    "e": "AQAB"
  	}
}


The public key can be used to verify the integrity of a JWT, ensuring that it has not been tampered with.

tokenThis refers to the JWT (Json Web Token) that needs to be validated.claimsToValidateAn optional map field to declare the claims as well as the corresponding value to validate against the token.algorithmAn optional field to verify the signing algorithm used by the token. The possible values could be RSA256, RSA384, RSA512, ECDSA256, ECDSA384, ECDSA512. By default, the APL function uses RSA256.ReturnsAn error message on validation failure. Null on validation success.

...

ParameterDescription
openIdServer

This is the URL for the JWKS server. It stores the JWKS in the cacheJSON Web Key Set (JWKS) endpoint of an OpenID Connect (OIDC) server. For example, https://<server_domain>/.well-known/jwks.json.

The JWKS endpoint returns the public key set in JSON format shown below, that can be used to validate the signature of the JWT (token) issued by the OIDC provider.

Info
iconfalse

JWKS Cache

The cache is accessible only from the backend and cannot be updated by users. It is used to reduce the number of connections to the openIdServer and will be reset if the workflow is aborted.

Code Block
{
  "[openIdServer + kid #1]": {
    "use": "sig",
    "kty": "RSA",
    "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafb",
    "alg": "RS256",
    "n": "** public key in here **",
    "e": "AQAB"
  },
  "[openIdServer + kid #2]": {
    "use": "sig",
    "kty": "RSA",
    "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafa",
    "alg": "RS256",
    "n": "** public key in here **",
    "e": "AQAB"
  }
}


The public key can be used to verify the integrity of a JWT, ensuring that it has not been tampered with.

tokenThis refers to the JWT (Json Web Token) that needs to be validated.
claimsToValidateAn optional map field to declare the claims as well as the corresponding value to validate against the token.
algorithmAn optional field to verify the signing algorithm used by the token. The possible values could be RSA256, RSA384, RSA512, ECDSA256, ECDSA384, ECDSA512. By default, the APL function uses RSA256.
ReturnsAn JwtValidationResult UDR which consists of error message on validation failure and decoded payloads. The error message will be Null on validation success.

...