mirror of
https://github.com/kemko/nomad.git
synced 2026-01-08 19:35:41 +03:00
37 lines
1.6 KiB
Plaintext
37 lines
1.6 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: JSON Web Token (JWT) Auth Method
|
|
description: >-
|
|
Use the JWT auth method to authenticate to Nomad with a JSON web token and receive an ACL token with privileges based on JWT identity attributes. Learn how to configure the auth method parameters using this reference page and example configuration.
|
|
---
|
|
|
|
# JSON Web Token (JWT) Auth Method
|
|
|
|
Use the `jwt` auth method to authenticate with Nomad by providing a
|
|
[JWT](https://en.wikipedia.org/wiki/JSON_Web_Token) directly. The JWT is
|
|
cryptographically verified using locally-provided keys, or, if configured, you may use an
|
|
OIDC Discovery service to fetch the appropriate keys.
|
|
|
|
Refer to [auth-method create] for the parameters required to create a JWT auth-method with a given verification method.
|
|
|
|
## JWT Verification
|
|
|
|
Nomad verifies JWT signatures against public keys from the issuer. This
|
|
process uses one of these methods:
|
|
|
|
- **Static Keys** - A set of public keys is stored directly in the
|
|
configuration.
|
|
|
|
- **JWKS** - Configure a JSON Web Key Set ([JWKS](https://tools.ietf.org/html/rfc7517))
|
|
URL and optional certificate chain. Nomad fetches keys from
|
|
this endpoint during authentication.
|
|
|
|
- **OIDC Discovery** - Configure an OIDC Discovery URL and optional certificate chain. Nomad fetches keys from this URL during authentication. When you use OIDC Discovery, Nomad applies OIDC validation criteria such as `iss` and `aud`.
|
|
|
|
If you need multiple methods, create another auth method of this type
|
|
with a different name.
|
|
|
|
@include 'jwt_claim_mapping_details.mdx'
|
|
|
|
[auth-method create]: /nomad/docs/commands/acl/auth-method/create
|