Configuration options
The secret key for the HMAC SHA algorithm, in base64url-encoded form. This key is shared between CouchDB and the server that creates the JWT.
Sets the JWT claim that is used as the CouchDB username. The couch_wt_auth plugin creates a user context for CouchDB, consisting of a username and a list of roles. The configuration parameters 'username_claim' and 'roles_claim' specify which JWT claim/property is mapped to the username and to the roles. For example, a JWT could contain this payload:
{
"sub": "1234567890",
"name": "John Doe",
"roles": ["_admin", "dev"],
"admin": true
}
When couch_wt_auth is configured with username_claim=sub (sub is the default value), the CouchDB user context username is "1234567890". If couch_wt_auth is configured with username_claim=name, the CouchDB user context username is "John Doe". More information about the different JWT claims: https://tools.ietf.org/html/rfc7519#section-4.1
Sets the JWT claim that is used as the CouchDB roles. The claim must contain an array of the user's roles.
Comma-separated list of claims that are validated. For example: validated_claims = iss,aud
You must include x in the validated_claims configuration to use the configuration validate_claim_x. To validate the issuer of the JWT, set this configuration:
validated_claims = iss
validate_claim_iss = ["abc"]
validate_claim_x must contain a JSON array of valid values. If the JWT contains any of the values, the JWT is valid. Do not use single quotes with the JSON array.
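
The following Python sketch is an added example, not the plugin's own code. It shows how the options described above combine when a token is checked and turned into a user context. Assumptions: HS256 is the only accepted algorithm, the config key `secret` is a hypothetical name for the shared key, and a missing claim is rejected while an array-valued claim passes if any element is allowed.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(payload, secret_b64url):
    """Build a test token the way the issuing server would."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(b64url_decode(secret_b64url), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url_encode(mac.digest())}"

def user_context(token, config):
    """Return (username, roles) for a valid token, raise ValueError otherwise."""
    head, body, sig = token.split(".")
    # Pin the algorithm; never let the token header choose it.
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = b64url_decode(config["secret"])  # "secret" is a hypothetical key name
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    # validated_claims lists the claims; validate_claim_<x> holds a JSON array.
    for name in filter(None, (n.strip() for n in config.get("validated_claims", "").split(","))):
        allowed = json.loads(config["validate_claim_" + name])
        value = claims.get(name)
        values = value if isinstance(value, list) else [value]
        if not any(v in allowed for v in values):  # assumption: missing claim fails
            raise ValueError(f"claim {name} not allowed")
    username = claims[config.get("username_claim", "sub")]  # sub is the default
    roles = claims.get(config["roles_claim"], [])
    return username, roles

# Constructed sample data: the page's payload plus an "iss" claim.
SECRET = b64url_encode(b"constructed-demo-key-do-not-reuse")
PAYLOAD = {"sub": "1234567890", "name": "John Doe",
           "roles": ["_admin", "dev"], "admin": True, "iss": "abc"}
CONFIG = {"secret": SECRET, "username_claim": "sub", "roles_claim": "roles",
          "validated_claims": "iss", "validate_claim_iss": '["abc"]'}
TOKEN = sign_hs256(PAYLOAD, SECRET)
```

Because the roles claim can carry "_admin", anyone holding the shared key can mint a CouchDB server admin context, so the key needs the same protection as admin credentials.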