.. _aam_jwt_authorization:

aam jwt-authorization
=====================

AAM JWT authorization related configuration


jwt-authorization Specification
-------------------------------

	===================================== =====================================================================
	 **Parameter**                         **Value** 

	===================================== =====================================================================
	 **Type**                              *Collection*

	 **Object Key(s)**                     *name*

	 **Collection Name**                   :ref:`121_jwt-authorization_list`

	 **Collection URI**                    /axapi/v3/aam/jwt-authorization

	                                       

	 **Element Name**                      jwt-authorization

	 **Element URI**                       /axapi/v3/aam/jwt-authorization/{name}

	 **Element Attributes**                jwt-authorization_attributes

	 **Partition Visibility**              shared

	 **Statistics Data URI**               /axapi/v3/aam/jwt-authorization/{name}/stats

	 **Schema**                             :download:`jwt-authorization schema <aam-jwt-authorization/aam-jwt-authorization.txt>`
	===================================== =====================================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td><button id='post_eg' onClick="showExample('post')">example</button> <button id='post_cl' onClick="closeExample('post')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='post_div' style='display:none'>


.. include:: ../artifacts/aam_jwt_authorization_POST.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create List



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td><button id='get_eg' onClick="showExample('get')">example</button> <button id='get_cl' onClick="closeExample('get')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='get_div' style='display:none'>


.. include:: ../artifacts/aam_jwt_authorization_GET.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get List



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_list`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td><button id='put_eg' onClick="showExample('put')">example</button> <button id='put_cl' onClick="closeExample('put')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='put_div' style='display:none'>


.. include:: ../artifacts/aam_jwt_authorization_PUT.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace List



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_list`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/aam/jwt-authorization/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`121_jwt-authorization_attributes`



.. raw:: html

   </td><td><button id='delete_eg' onClick="showExample('delete')">example</button> <button id='delete_cl' onClick="closeExample('delete')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='delete_div' style='display:none'>


.. include:: ../artifacts/aam_jwt_authorization_DELETE.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   </table>

.. _121_jwt-authorization_list:

jwt-authorization-list
----------------------


    jwt-authorization-list is **JSON List** of :ref:`121_jwt-authorization_attributes` 

        jwt-authorization-list : [

             { :ref:`121_jwt-authorization_attributes` },

             { :ref:`121_jwt-authorization_attributes` },

             ...

         ]

.. _121_jwt-authorization_attributes:

jwt-authorization attributes
----------------------------

    **encrypted**

        **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

    **exp-claim-requried**

        **Description** Specify the exp claim is required for JWT authorization

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **jwt-cache-enable**

        **Description** Enable caching authorized JWT token and skip verification and authorization for cached tokens

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **jwt-exp-default**

        **Description** Specify the default token expiration if exp claim is not available (default 1800)

        **Type:** number

        **Range:** 1-86400

    **jwt-forwarding**

        **Description** Specify JWT token will not be stripped while forwarding client request

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **log-level**

        **Description** '0': log disable; '1': only log authorzation fail (default); '2': only log authorization success; '3': log all; 

        **Type:** string

        **Supported Values:** 0, 1, 2, 3

    **name**

        **Description** Specify JWT authorization template name

        **Type:** string

        **Maximum Length:** 63 characters

        **Maximum Length:** 1 characters

    **packet-capture-template**

        **Description** Name of the packet capture template to be bind with this object

        **Type:** string

        **Maximum Length:** 128 characters

        **Maximum Length:** 1 characters

        **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-jwt-authorization-tmpl <visibility_packet_capture_object_templates_aam_jwt_authorization_tmpl>`

    **sampling-enable**

        **Type:** List

    **user-tag**

        **Description** Customized tag

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

    **verification-cert**

        **Description** Specify the certificate to verify JWT token signature

        **Type:** string

        **Maximum Length:** 255 characters

        **Maximum Length:** 1 characters

        **Mutual Exclusion:** verification-cert, verification-jwks, and verification-secret are mutually exclusive

    **verification-jwks**

        **Description** Specify the jwks file to verify JWT token signature

        **Type:** string

        **Maximum Length:** 255 characters

        **Maximum Length:** 1 characters

        **Mutual Exclusion:** verification-jwks, verification-cert, and verification-secret are mutually exclusive

    **verification-secret**

        **Description** Specify secret for verify JWT token signature

        **Type:** string

        **Format:** password

        **Maximum Length:** 128 characters

        **Maximum Length:** 1 characters

        **Mutual Exclusion:** verification-secret, verification-cert, and verification-jwks are mutually exclusive

.. _121_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *list*

	 **Block object keys**             

	=============================== ===================================================

    **counters1**

        **Description** 'all': all; 'jwt-request': JWT Request; 'jwt-authorize-success': JWT Authorize Success; 'jwt-authorize-failure': JWT Authorize Failure; 'jwt-missing-token': JWT Missing Token; 'jwt-missing-claim': JWT Missing Claim; 'jwt-token-expired': JWT Token Expired; 'jwt-signature-failure': JWT Signature Failure; 'jwt-other-error': JWT Other Error; 

        **Type:** string

        **Supported Values:** all, jwt-request, jwt-authorize-success, jwt-authorize-failure, jwt-missing-token, jwt-missing-claim, jwt-token-expired, jwt-signature-failure, jwt-other-error