content/waf/policies/jwt-protection.md
+2 -3 (2 additions & 3 deletions)
@@ -6,15 +6,14 @@ nd-content-type: reference
6
6
nd-product: NAP-WAF
7
7
---
8
8
9
-
JSON Web Token (JWT) is a compact and self-contained way to represent information between two parties in JSON format, commonly used for authentication and authorization.
10
-
F5 WAF for NGINX validates the authenticity and well-formedness of JWTs, denying access when validation fails. JWT is mainly used for API access.
9
+
JSON Web Tokens (JWTs) are a compact and self-contained way to represent information between two parties in JSON format, commonly used for authentication and authorization.
10
+
F5 WAF for NGINX validates the authenticity and well-formedness of JWTs, denying access when validation fails. JWTs are mainly used for API access.
11
11
12
12
When a user logs in to an application, they might receive a JWT, which is then included in subsequent requests.
13
13
The server validates the JWT to ensure the user is authorized to access the requested resources.
14
14
15
15
F5 WAF for NGINX handles tokens on behalf of the application by:
16
16
17
-
18
17
1. Validating the token's existence and structure for specific URLs.
19
18
1. Verifying the token's signature using provisioned certificates.
20
19
1. Checking the token validity period (`nbf`, `exp`).
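Review bot: The blank line removed at old line 17, between "F5 WAF for NGINX handles tokens on behalf of the application by:" and the first `1.` item, should be restored. CommonMark lets an ordered list that starts at 1 interrupt a paragraph, so this will most likely still render as a list, but not every Markdown renderer is that lenient, and markdownlint's MD032 (blanks-around-lists) flags a list with no blank line before it. The pluralization on new lines 9 and 10 reads fine. Since line 9 is being touched anyway, "represent information between two parties" could be tightened to say the information is transferred between the two parties, which is what the rest of the paragraph describes.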