JWT dependencies on your Identity Provider
The following details must be provided by your IdP in the JWT token for Collibra to accept the token.
| Section | Field | Description |
|---|---|---|
| Header | alg | The encryption algorithm. Collibra supports all standard encryption algorithms. |
| | kid | The JWKS identifier of the public key used to sign the JWT token. An identity provider may have multiple public key certificates, for example multiple valid keys may exist while a key rotation is in progress. |
| | typ | Optional field that defines the JWT type. Tip: Use the MIME type format, for example application/jwt or application/secevent+jwt with the application/ prefix removed, for example jwt or secevent+jwt. |
| Payload | iss | The issuer of the token. This field is used to check the token comes from the expected IdP. |
| | exp | The token expiry time. |
| | iat | The time the token was issued. |
| | sub | The subject or the principal ID. |
| Signature | | The digital signature of the header and payload. The signature verifies the message did not change along the way. In the case of tokens signed with a private key, the signature also verifies the authenticity of the JWT sender. |
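
The following pre-flight check is an added example, not Collibra's code: it decodes a token issued by your IdP and reports which of the fields listed above are missing or inconsistent. It does not verify the signature, and the issuer URL, key ID and sample tokens are constructed placeholders.

```python
import base64
import json
import time

REQUIRED_HEADER = ("alg", "kid")            # typ is optional per the table
REQUIRED_PAYLOAD = ("iss", "exp", "iat", "sub")

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(token, expected_iss, now=None):
    """Return a list of problems; an empty list means all listed fields check out."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not three dot-separated segments"]
    try:
        header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["header and payload must be JSON objects"]
    problems = [f"header missing {f}" for f in REQUIRED_HEADER if f not in header]
    problems += [f"payload missing {f}" for f in REQUIRED_PAYLOAD if f not in payload]
    if not parts[2] or str(header.get("alg", "")).lower() == "none":
        problems.append("token is unsigned")
    typ = header.get("typ")
    if isinstance(typ, str) and typ.lower().startswith("application/"):
        problems.append("typ should drop the application/ prefix")
    if "iss" in payload and payload["iss"] != expected_iss:
        problems.append("iss does not match the expected IdP")
    exp, iat = payload.get("exp"), payload.get("iat")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token is expired")
    if isinstance(exp, (int, float)) and isinstance(iat, (int, float)) and iat > exp:
        problems.append("iat is later than exp")
    return problems

def _make(header, payload, sig="c2lnbmF0dXJl"):
    """Build a constructed sample token; the signature bytes are a placeholder."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.{sig}"

GOOD = _make({"alg": "RS256", "kid": "key-2", "typ": "jwt"},  # constructed samples
             {"iss": "https://idp.example.com", "sub": "jdoe", "iat": 1700000000, "exp": 1700003600})
BAD = _make({"alg": "RS256", "typ": "application/jwt"},
            {"iss": "https://other.example.com", "iat": 1700000000, "exp": 1700003600})
```

Run `preflight()` against a token captured from your IdP's test tenant before registering the IdP; a clean result only means the required fields are present, not that the signature is valid.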