POST /api/v1/auth/jwt-auth/identities/{identityId}

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the identity to attach the configuration to.

Body

application/json

configurationType
enum<string>
required

The configuration for validating JWTs. Must be one of: 'jwks', 'static'

Available options: jwks

jwksUrl
string
required

The URL of the JWKS endpoint. Required if configurationType is 'jwks'. This endpoint must serve JSON Web Key Sets (JWKS) containing the public keys used to verify JWT signatures.

boundClaims
object
required

The attributes that should be present in the JWT for it to be valid.

jwksCaCert
string
default:

The PEM-encoded CA certificate for validating the TLS connection to the JWKS endpoint.

publicKeys
string[]

A list of PEM-encoded public keys used to verify JWT signatures. Required if configurationType is 'static'. Each key must be in RSA or ECDSA format and properly PEM-encoded with BEGIN/END markers.

boundIssuer
string
default:

The unique identifier of the JWT provider.

boundAudiences
string
default:

The list of intended recipients.

boundSubject
string
default:

The expected principal that is the subject of the JWT.

accessTokenTrustedIps
object[]

The IPs or CIDR ranges that access tokens can be used from.

accessTokenTTL
integer
default: 2592000

The lifetime for an access token in seconds.

Required range: 1 < x < 315360000

accessTokenMaxTTL
integer
default: 2592000

The maximum lifetime for an access token in seconds.

Required range: x < 315360000

accessTokenNumUsesLimit
integer
default: 0

The maximum number of times that an access token can be used.

Required range: x > 0
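
The following is an added example, not part of Infisical's documentation or code: a pre-flight check that applies the body rules listed above (conditional `jwksUrl` / `publicKeys`, PEM markers, TTL ranges as written) and then assembles the request without sending it. The host, the `Bearer` scheme in the `Authorization` header, every sample value, and the final "nothing bound" warning are assumptions of this example rather than rules stated on this page.

```python
import json

MAX_TTL = 315360000  # upper bound this page gives for both TTL fields
BASE_URL = "https://infisical.example.com"  # placeholder host; Bearer scheme below is assumed

# Constructed sample body; issuer, audience, subject and claim values are made up.
SAMPLE_BODY = {
    "configurationType": "jwks",
    "jwksUrl": "https://idp.example.com/.well-known/jwks.json",
    "boundIssuer": "https://idp.example.com", "boundAudiences": "infisical",
    "boundSubject": "ci-runner", "boundClaims": {"environment": "production"},
    "accessTokenTTL": 3600, "accessTokenMaxTTL": 7200,
}

def check_body(body):
    """Return (errors, warnings) for a request body, using the rules on this page."""
    errors, warnings = [], []
    kind = body.get("configurationType")
    if kind not in ("jwks", "static"):
        errors.append("configurationType must be 'jwks' or 'static'")
    if kind == "jwks" and not body.get("jwksUrl"):
        errors.append("jwksUrl is required for 'jwks'")
    if kind == "static":
        keys = body.get("publicKeys") or []
        if not keys:
            errors.append("publicKeys is required for 'static'")
        for i, pem in enumerate(keys):
            if "-----BEGIN " not in pem or "-----END " not in pem:
                errors.append(f"publicKeys[{i}] lacks PEM BEGIN/END markers")
    if not isinstance(body.get("boundClaims"), dict):
        errors.append("boundClaims is required and must be an object")
    if not 1 < body.get("accessTokenTTL", 2592000) < MAX_TTL:
        errors.append("accessTokenTTL outside the documented range")
    if not body.get("accessTokenMaxTTL", 2592000) < MAX_TTL:
        errors.append("accessTokenMaxTTL outside the documented range")
    # Added hardening lint, not an API rule: nothing bound beyond the signing key.
    bound = ("boundIssuer", "boundAudiences", "boundSubject", "boundClaims")
    if not any(body.get(k) for k in bound):
        warnings.append("no issuer, audience, subject or claims are bound")
    return errors, warnings

def build_request(identity_id, token, body):
    """Assemble the POST for this endpoint; raise ValueError on an invalid body."""
    errors, _ = check_body(body)
    if errors:
        raise ValueError("; ".join(errors))
    url = f"{BASE_URL}/api/v1/auth/jwt-auth/identities/{identity_id}"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return {"method": "POST", "url": url, "headers": headers, "data": json.dumps(body)}
```

Running `check_body` in CI before applying identity configuration catches a `static` configuration with no keys, or a configuration that binds no issuer, audience, subject or claims, before it reaches the server.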

Response

200 - application/json

identityJwtAuth
object
required
