Sample token with the following settings:
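# Fragment of an OWASP Application Gateway configuration: the "apiforspa"
# security profile with a JWT user mapping.
# NOTE(review): the page this was copied from lost its indentation. The
# nesting below is reconstructed; check it against the User Mapping
# documentation before reuse.
securityProfiles:
  apiforspa:
    csrfProtection: samesite-strict-cookie
    userMapping:
      type: "jwt-mapping"
      settings:
        # Request header and prefix under which the signed token is placed.
        headerName: "Authorization"
        headerPrefix: "Bearer "
        # Placeholders: in the sample token "aud" is the route's URL and
        # "iss" is the gateway's own URL. A consumer of the token should
        # check both, together with "exp"/"nbf" and the signature.
        audience: "<<route-url>>"
        issuer: "<<hostUri>>"
        # Short lifetime limits how long a captured token can be replayed
        # (exp - iat is 30 in the sample token).
        tokenLifetimeSeconds: 30
        # HMAC is symmetric ("alg": "HS256" in the sample token): every
        # party that can verify a token holds the same key and can also
        # mint one. Verifiers should accept only the expected algorithm.
        signatureImplementation: "hmac"
        signatureSettings:
          # Sample value only; it is published on this page. Deployments
          # need a randomly generated key (at least 256 bits for HS256),
          # kept out of version control. Quoted so that a key made only of
          # digits is never re-typed as a number by the YAML parser.
          secretKey: "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
          # Emitted as "kid" in the token header.
          keyId: "Sample Key"
        # Claims added to the token. Values in <...> appear to be resolved
        # from the session or the login provider's data; plain strings such
        # as "proxy" are copied literally (compare the sample token).
        mappings:
          provider: <session.provider>
          # Arrives as the string "true" in the sample token, not a JSON
          # boolean, so consumers must compare accordingly.
          email_verified: <mappings.email_verified>
          email: <mappings.email>
          proxy: "OWASP Application Gateway"
          picture: <mappings.picture>
          # NOTE(review): confirm <session.id> is a non-secret identifier
          # and not the value that authenticates the browser session;
          # otherwise it is exposed to every backend and to their logs.
          sessionId: <session.id>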
{
"kid": "Sample Key",
"typ": "JWT",
"alg": "HS256"
}.{
"sub": "115386631462932515897",
"email_verified": "true",
"iss": "https://oag.azurewebsites.net",
"sessionId": "481f0c54c5190223",
"picture": "https://lh3.googleusercontent.com/a-/AOh14Gh-B4gbJynYi-BTfyQ6113tkCpNhbdAJ2WZrnHC=s96-c",
"aud": "https://nellydemoapp.azurewebsites.net",
"proxy": "OWASP Application Gateway",
"nbf": 1616329569,
"provider": "google",
"exp": 1616329599,
"iat": 1616329569,
"jti": "dacd6ca710bf44ae",
"email": "gian-luca.frei@owasp.org"
}.[Signature]
Documentation: https://github.com/gianlucafrei/Application-Gateway/wiki/Configuration:-User-Mapping
Deployed Demo: https://oag.azurewebsites.net/echo/