Authenticate using JWT Authenticator

This topic describes the JWT Authenticator REST API.

Use the JWT Authenticator API to send an authentication request that carries a JWT from the application to Conjur.

For more information about the JWT Authenticator, see JWT Authentication.

URI

 
POST https://{Conjur-server-hostname}/authn-jwt/{service-id}/{account}/[{host-id}]/authenticate

URI Parameters

service-id

The service ID of your JWT Authenticator webservice, for example myVendor.

Required: Yes

account

The organization's Conjur account name.

Required: Yes

host-id

The identity of the application (host) in Conjur.

This value should be the full name of the host, with each forward slash (/) URL-encoded as %2F, for example, host%2Fjwt-apps%2Fmyapp.

Required: Only if the JWT Authenticator is defined without a token-app-property variable. If the JWT Authenticator is defined with a token-app-property variable, do not include the host-id in the URL.

Example URL

  • JWT Authenticator with token-app-property variable (no host-id):

    https://myorg.example.com/authn-jwt/myVendor/cucumber/authenticate

  • JWT Authenticator without token-app-property variable (must include the host-id):

    https://myorg.example.com/authn-jwt/myVendor/cucumber/host%2Fjwt-apps%2Fmyapp/authenticate

Request

Header

Content-Type: application/x-www-form-urlencoded
Accept-Encoding: base64

To receive the access token base64-encoded, include base64 as the encoding format in the Accept-Encoding header. If base64 is not included in the header, a raw token is returned using application/json as the content type.

Body

The body must include the JWT:

jwt=eyJhbGciOiJSUzI1NiIs......uTonCA

Example REST request

  • Request with token-app-property:

    curl -k --request POST 'https://myorg.example.com/authn-jwt/myVendor/cucumber/authenticate' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header "Accept-Encoding: base64" \
      --data-urlencode 'jwt=eyJ0e......jjjkl'

  • Request without token-app-property:

    curl -k --request POST 'https://myorg.example.com/authn-jwt/myVendor/cucumber/host%2Fjwt-apps%2Fmyapp/authenticate' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header "Accept-Encoding: base64" \
      --data-urlencode 'jwt=eyJ0e......jjjkl'

The -k option in these examples turns off TLS certificate verification. Where the Conjur server certificate can be validated, omit -k and supply the CA certificate with --cacert.

Response

Code    Description
200     The response body is the access token.
400     Bad request. Check that the body is correct.
401     The request lacks valid authentication credentials.

Response 200 example

Header

 
Content-Encoding: base64
Content-Type: text/plain

Body

Returns the base64-encoded access token of the host whose JWT is provided in the input:
eyJwcm90ZWN0ZWQiOiJleUpoYkdjaU9pSmpiMjVxZFhJdWIzSm5MM05zYjNOcGJHOHZkaklpTENKcmFXUWlPaUkyTXpka05HWTFZMlU1WVdJd05ESTVOR0ZpWkRNNFptTmhPV00zWW1Nek5qWTVaak16TWprNU5UUXdZamhsTm1ZeU5tRTBNVGM1T0RFeE1HSm1aRGcwSW4wPSIsInBheWxvYWQiOiJleUp6ZFdJaU9pSmhaRzFwYmlJc0ltbGhkQ0k2TVRVNU9EYzJPVFUwTUgwPSIsInNpZ25hdHVyZSI6Ik5ya25FQTc2MnoweC1GVmRRakZHZVRUbkJzeXFBdlBHSWEyZUxZV3IyYVVGZDU5dHk0aGMxSlRsVGptdmpGNWNtVDNMUnFGbDhYYzNwMDhabEhjbVc0cTdiVnFtM21odmZEdVNVaE13RzhKUk4yRFZQVHZKbkFiT1NPX0JGdWhKdmk2OGJEVGxZSFFmUF81WHY1VWtuWHlLUDR2dGNoSjloMHJuVXN0T0F1YWlkM0RyQW5RV1c2dDRaMzRQajJhT2JrTkZ1TlMxNDBsamNwZ1A1dHdfU19ISzB6d1dlSXF4cjh6eUpTbk5aNjJ1WlhZV25zU051WGZtSWdtVVo2cTJFeVZWWUJ1Zk5SZTNVUmFkU09OYjRIcnFyX21UaGctWHUzMjA2N1h3QmNWZ3lWQ0JrcWtybktuRW1vRzlMRWs2ZjdNQVpDX1BXZnA4NXQ1VFFhVm1iZFlqT2lDTW9GMFoxYkhyZGN2MC1LRnpNRGxHa0pCS1Jxb0xYYkFGakhjMCJ9

For more information about using the access token, see Authenticate.
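
The request and response handling described on this page, as a Python client added here as an example (it is not code from the Conjur documentation): it builds the URL with or without the host-id, posts the JWT, and decodes the access token whether or not base64 was requested. The function names, the ca_file parameter and SAMPLE_BODY are assumptions made for illustration, and unlike the curl examples it verifies the server certificate.

```python
import base64
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request

# Status meanings copied from the Response table on this page.
ERRORS = {400: "Bad request. Check that the body is correct.",
          401: "The request lacks valid authentication credentials"}

def authn_jwt_url(base_url, service_id, account, host_id=None):
    parts = ["authn-jwt", service_id, account]
    if host_id is not None:  # None when token-app-property is defined
        parts.append(host_id)  # full host name, e.g. "host/jwt-apps/myapp"
    parts.append("authenticate")
    # safe="" also encodes "/" inside a segment: host/jwt-apps -> host%2Fjwt-apps
    path = "/".join(urllib.parse.quote(p, safe="") for p in parts)
    return base_url.rstrip("/") + "/" + path

def build_request(url, jwt, want_base64=True):
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if want_base64:
        headers["Accept-Encoding"] = "base64"  # omit to get raw application/json
    body = urllib.parse.urlencode({"jwt": jwt}).encode("ascii")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def parse_access_token(status, headers, body):
    """Return the access token as a dict, whichever encoding the server used."""
    if status != 200:
        raise RuntimeError(f"{status}: {ERRORS.get(status, 'unexpected status')}")
    text = body.decode("utf-8").strip()
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("content-encoding", "").lower() == "base64":
        text = base64.b64decode(text, validate=True).decode("utf-8")
    return json.loads(text)

def authenticate(base_url, service_id, account, jwt, host_id=None, ca_file=None):
    # The default context verifies certificate and hostname (curl -k does not).
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_request(authn_jwt_url(base_url, service_id, account, host_id), jwt)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return parse_access_token(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"{err.code}: {ERRORS.get(err.code, 'unexpected status')}") from err

# Constructed sample 200 body (not a real token), as sent with Content-Encoding: base64.
SAMPLE_BODY = base64.b64encode(b'{"protected": "p", "payload": "q", "signature": "s"}')
```

Pass ca_file when the Conjur server uses a private CA; with ca_file=None the system trust store is used.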