JWT Validation
FastGateway supports JWT (JSON Web Token) validation to secure your APIs.
JWT Provider Settings
| Setting | Description |
|---|---|
| issuer | Expected token issuer (iss claim) |
| remoteJWKS | URL to fetch JSON Web Key Set |
| audiences | Expected token audiences (aud claim) |
Configuration Example
```yaml
jwtAuth:
  providers:
    - name: "auth-provider"
      issuer: "https://auth.example.com"
      remoteJWKS: "https://auth.example.com/.well-known/jwks.json"
      audiences:
        - "api.example.com"
        - "https://api.example.com"
```
Claims to Headers
Extract JWT claims and forward them as headers to backends:
```yaml
jwtAuth:
  providers:
    - name: "auth-provider"
      issuer: "https://auth.example.com"
      remoteJWKS: "https://auth.example.com/.well-known/jwks.json"
      audiences:
        - "api.example.com"
      claimsToHeaders:
        - claim: "sub"
          header: "X-User-ID"
        - claim: "email"
          header: "X-User-Email"
        - claim: "roles"
          header: "X-User-Roles"
```
Request Example
```bash
curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..." \
  https://api.example.com/protected
```
Validation Process
- Extract token from `Authorization: Bearer <token>` header
- Validate signature using JWKS
- Verify issuer matches configured value
- Verify audience includes configured value
- Check token expiration (exp claim)
- Forward configured claims as headers
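
The claim checks and the claims-to-headers step from the list above, as an added Python sketch (not FastGateway's own code). It assumes the signature has already been verified against the JWKS, joins list claims with a comma, and drops any client-supplied copy of a mapped header before setting it from the token; those behaviours and the names `check_claims`, `forward_headers` and `Rejected` are assumptions of this example.

```python
import time

# Values mirror the configuration example on this page.
PROVIDER = {
    "issuer": "https://auth.example.com",
    "audiences": ["api.example.com", "https://api.example.com"],
    "claimsToHeaders": [("sub", "X-User-ID"), ("email", "X-User-Email"),
                        ("roles", "X-User-Roles")],
}

class Rejected(Exception):
    """Raised when a signature-verified payload fails a claim check."""

def check_claims(claims, provider, now=None):
    """Issuer, audience and expiry checks; signature verification is assumed done."""
    now = time.time() if now is None else now
    if claims.get("iss") != provider["issuer"]:
        raise Rejected("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if not any(a in provider["audiences"] for a in aud):  # aud may be string or array
        raise Rejected("audience mismatch")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise Rejected("token expired or exp missing")

def forward_headers(inbound, claims, provider):
    """Build backend headers: drop client-supplied copies, then set from claims."""
    mapped = {h.lower() for _, h in provider["claimsToHeaders"]}
    out = {k: v for k, v in inbound.items() if k.lower() not in mapped}
    for claim, header in provider["claimsToHeaders"]:
        value = claims.get(claim)
        if value is None:
            continue  # absent claim: header stays removed, never passed through
        if isinstance(value, (list, tuple)):
            value = ",".join(str(v) for v in value)  # comma join is an assumption
        value = str(value)
        if any(c in value for c in "\r\n\0"):
            raise Rejected(f"control character in claim {claim!r}")
        out[header] = value
    return out

# Constructed sample: verified payload plus a request carrying spoofed identity headers.
SAMPLE_CLAIMS = {"iss": "https://auth.example.com", "aud": "api.example.com",
                 "exp": 2000000000, "sub": "user-123", "roles": ["admin", "dev"]}
SAMPLE_INBOUND = {"Accept": "*/*", "x-user-id": "root", "X-User-Email": "spoofed@example.org"}
```

Backends that trust `X-User-ID` and similar headers should only be reachable through the gateway, since the headers carry no signature of their own.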