Authorization in CRDP
CRDP provides a JWT verification feature for authenticated users who want to access the CRDP resources (APIs). To use this feature, the Enable JWT Verification toggle on the Application Data Protection UI must be turned on. Whenever a user wants to access the CRDP resources (APIs), a JWT must be sent in the Authorization header using the Bearer schema. CRDP checks the Authorization header for a valid JWT; if a valid JWT is present, the user is allowed to access the CRDP resources (APIs).
The JWT structure comprises three parts, header.payload.signature, separated by periods.
Header Details
The header consists of:
type: The type of the token. Only Bearer tokens are supported.
algorithm: The signing algorithm to be used. Currently, only the RS256 algorithm is supported.
The header is then Base64 encoded to form the first part of the JWT.
Payload Details
The payload contains claims. The supported registered claims are iss (issuer) and exp (expiry):
Issuer (optional): Identifies the principal that issued the JWT.
Expiry (mandatory): Identifies the expiration time of the JWT.
The payload is then Base64 encoded to form the second part of the JWT.
Signature
The third part of the token is the signature, which verifies the integrity of the message: it is computed over the encoded header and payload, so any change to either of those parts causes signature verification to fail.