JWT Issuer Format
This setting determines the format of the issuer (iss) claim in the Pomerium JWT. See JWT Authentication for more information about the Pomerium JWT.
Before Pomerium v0.28, this claim was always set to the hostname portion of the route's From URL. Starting in v0.28, the issue claim can be set to use a full URL instead. This may be necessary for interoperability with some JWT authentication consumers.
The default is hostname-only for backwards compatibility with existing Pomerium deployments.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file key | Environment variable | Type | Default |
|---|---|---|---|
jwt_issuer_format | JWT_ISSUER_FORMAT | string (one of hostOnly or uri) | hostOnly |
Examples
jwt_issuer_format: uri
JWT Issuer Format is listed under the "General" section of the route settings:
JWT Issuer Format is not currently supported in Ingress Controller.