Authorization in CRDP
CRDP provides a JWT verification feature for authorized users who want to access the CRDP resources (APIs). To use this feature, JWT verification must be enabled. Refer to Enable JWT Verification for details.
Whenever a user wants to access the CRDP resources (APIs), a JWT must be sent in the Authorization header using the Bearer schema. CRDP checks the Authorization header for a valid JWT. If a valid JWT is present, the user is allowed to access the CRDP resources (APIs).
The JWT structure for any incoming request to CRDP should include the following parts:
Header
type: Specifies the token type. CRDP supports only Bearer tokens.
algorithm: Specifies the signing algorithm. CRDP supports only RS256.
Payload
The payload contains claims. The supported registered claims are iss (issuer), sub (subject), and exp (expiry).
Issuer (iss): This claim is optional. It identifies the principal that issued the JWT.
Subject (sub): This claim is optional. Its value is recorded in the jwt_username field of the CRDP audit logs.
Expiry (exp): This claim is mandatory. It specifies the expiration time of the JWT.
Signature
This part carries the RS256 signature over the header and payload; CRDP verifies it before granting access to the requested resource.