How does the JWT verification and parsing occurs inside the APIcast component from Red Hat 3scale API Management?

Solution Verified - Updated -

Issue

I'm looking for clarification from the 3scale 2.X admin guide on processing JSON Web Tokens (JWT). What exactly does 3scale do after it "extracts the value of the azp or aud claim"? Does 3scale evaluate these claims against some predetermined value or does it simply let the Backend API perform some processing?

Environment

  • Red Hat 3scale API Management
    • SaaS
    • 2.X On-premises

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content