JWT Configuration
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
JWT Configuration Settings
AllowedSigningAlgorithms:
Allowed signing algorithms when StrictValidation is set to True. This setting specifies a comma-separated list of algorithms that are allowed when StrictValidation is set to True. This allows multiple signing algorithms to be considered acceptable during validation. This setting is only applicable when StrictValidation is set to True. Possible values:
Example value: HS512,HS256.
AudienceDelimiter:
Defines the character to separate audience values. This setting specifies the character used to separate multiple audience values. ClaimAudience may contain multiple values. When multiple values are present they will be separated by this character. The default value is ;. When setting ClaimAudience to a value that contains multiple audiences, specify the values separated by the character set here. For instance:
jwt.ClaimAudience = "aud1;aud2";
CompressionAlgorithm:
The compression algorithm to use. This setting specifies the compression algorithm to use (if any). If set the content will be compressed using the specified algorithm. Possible values are:
IncludeCertificateFormat:
The certificate values to include in the signed message (if any). This setting specifies whether information about the Certificate is included in the signed message. When specified, the value here determines the format of the included certificate information. The certificate information is included as a standard JWS header parameter. Multiple formats may be included in the signed message. The value specified should be the binary 'OR' of one or more of the following values:
Note: When including the certificate chain (0x01), the public certificate of Certificate will automatically be included. IssuerCerts may also be set to the public issuer certificates that will be used when building the chain to include. For instance, to include both the certificate chain and SHA-256 thumbprint of the Certificate, set this to 5.
InputMessage:
The raw input to process. This setting optionally specifies the payload to process. When calling Sign or Encrypt, input is taken from this setting if specified. If a value is set here, the Claim* properties are ignored.
IsEncrypted:
Indicates whether the EncodedJWT is encrypted. This setting may be queried after calling Parse to determine if the EncodedJWT is encrypted.
IsSigned:
Indicates whether the EncodedJWT is signed. This setting may be queried after calling Parse to determine if the EncodedJWT is signed.
IssuerCerts:
A collection of issuer certificates used with IncludeCertificateFormat. This setting optionally specifies one or more issuer certificates that may be used by the class when IncludeCertificateFormat is specified. Note that the issuer certificates specified here are used as a store of potential issuer certificates. At runtime the class will inspect the Certificate value and add the relevant issuer certificates that are present in this property. The format of the value must be one or more PEM encoded certificates with headers and footers. For instance to include 2 issuer certificates the value may be: -----BEGIN CERTIFICATE-----
KeyEncoding:
The encoding of the Key value. This setting specifies the encoding that has been applied to the Key value prior to providing it to the class. The Key is typically represented as an array of bytes; however, in some cases the key value may have been encoded. As a matter of convenience the class will accept the key with an encoding already applied. The class will decode the key value according to the value specified here before processing. Possible values are:
OutputMessage:
The raw output of the operation. After calling Verify or Decrypt this holds the raw JSON payload. This may be useful for debugging or logging purposes when the JSON payload is desired.
PartyUInfo:
Information about the producer of the message. This setting may optionally be set when Algorithm is set to an ECDH algorithm before calling Encrypt. When calling Decrypt this setting is populated and also accessible from within the RecipientInfo event. The value may be any string. To specify a base64url encoded value directly, prefix the string with [b64]. For instance, the following lines both set the same value:
jwe.Config("PartyUInfo=Alice");
jwe.Config("PartyUInfo=[b64]QWxpY2U="); //Equivalent to above line
PartyVInfo:
Information about the recipient of the message. This setting may optionally be set when Algorithm is set to an ECDH algorithm before calling Encrypt. When calling Decrypt this setting is populated and also accessible from within the RecipientInfo event. The value may be any string. To specify a base64url encoded value directly, prefix the string with [b64]. For instance, the following lines both set the same value:
jwe.Config("PartyVInfo=Bob");
jwe.Config("PartyVInfo=[b64]Qm9i"); //Equivalent to above line
PBES2Count:
The PBKDF2 iteration count. This setting specifies the PBKDF2 iteration count. A minimum value of 1000 is recommended. The default value is 1000. This setting is only applicable when EncryptionAlgorithm is set to a PBES algorithm.
PBES2SaltLength:
The salt input value length. This setting specifies the length in bytes of the salt input value, which is used as part of the PBKDF2 salt value. The default value is 16. This setting is only applicable when EncryptionAlgorithm is set to a PBES algorithm.
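How the iteration count and salt input feed the key derivation, as an added example following RFC 7518 section 4.8 (not the class's own code). The function names and the `min_count`/`max_count` bounds on the recipient side are assumptions of this example; the defaults of 16 bytes and 1000 iterations are the ones stated above.

```python
import base64, hashlib, os

# PBES2 alg -> (PBKDF2 PRF hash, key-wrapping key length in bytes), RFC 7518 section 4.8.
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}

def derive_kek(password: bytes, alg: str, salt_input: bytes, count: int) -> bytes:
    """The PBKDF2 salt is UTF8(alg) || 0x00 || salt input, not the salt input alone."""
    hash_name, key_len = PBES2_ALGS[alg]
    salt = alg.encode("utf-8") + b"\x00" + salt_input
    return hashlib.pbkdf2_hmac(hash_name, password, salt, count, dklen=key_len)

def sender_params(alg: str, salt_length: int = 16, count: int = 1000):
    """Pick a random salt input and build the header fields the recipient needs."""
    salt_input = os.urandom(salt_length)
    p2s = base64.urlsafe_b64encode(salt_input).rstrip(b"=").decode()
    return {"alg": alg, "p2s": p2s, "p2c": count}, salt_input

def recipient_kek(password: bytes, header: dict,
                  min_count: int = 1000, max_count: int = 1_000_000) -> bytes:
    """Re-derive the key from header values, bounding the sender-chosen count.

    The bounds are assumptions of this example: the header is attacker-supplied
    input, so a tiny p2c weakens the key and a huge one burns CPU.
    """
    count = header["p2c"]
    if not isinstance(count, int) or not min_count <= count <= max_count:
        raise ValueError(f"p2c {count!r} outside accepted range")
    p2s = header["p2s"]
    salt_input = base64.urlsafe_b64decode(p2s + "=" * (-len(p2s) % 4))
    return derive_kek(password, header["alg"], salt_input, count)
```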
RawHeader:
Holds the raw JOSE header. This setting may be queried after calling Sign or Verify to obtain the raw JOSE header. This returns a JSON string like: {"alg":"ES384","kid":"myKeyId"}
StrictValidation:
Requires specific algorithms when processing. If set to True the class will validate that the algorithm used in the JWT matches the values specified in EncryptionAlgorithm, ContentEncryptionAlgorithm, and SigningAlgorithm. This is applicable when calling Decrypt and Verify. By default this is False and the algorithms are read automatically from the encoded JWT.
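The check that StrictValidation and AllowedSigningAlgorithms describe, as an added protocol-level example (not the class's implementation). It covers only the HMAC algorithms, and `make_token` and `verify_strict` are hypothetical helper names; the point is that the verifier's allow-list, not the token's own header, decides which algorithm is acceptable.

```python
import base64, hashlib, hmac, json

# HMAC-based JWS algorithms this sketch can verify (RFC 7518 names).
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header: dict, payload: dict, key: bytes) -> str:
    """Build a compact JWS for the demo; an unknown alg yields an empty signature."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    digest = HMAC_ALGS.get(header["alg"])
    sig = hmac.new(key, signing_input.encode(), digest).digest() if digest else b""
    return signing_input + "." + b64url_encode(sig)

def verify_strict(token: str, key: bytes, allowed: str) -> dict:
    """Verify only if the header's alg is in the comma-separated allow-list."""
    allow_list = {a.strip() for a in allowed.split(",") if a.strip()}
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    alg = header.get("alg")
    # Reject before any cryptography runs: the header is untrusted input.
    if alg not in allow_list or alg not in HMAC_ALGS:
        raise ValueError(f"algorithm {alg!r} is not allowed")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))
```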
Base Configuration Settings
BuildInfo:
Information about the product's build. When queried, this setting will return a string containing information about the product's build.
CodePage:
The system code page used for Unicode to Multibyte translations. The default code page is Unicode UTF-8 (65001). The following is a list of valid code page identifiers:
The following is a list of valid code page identifiers for Mac OS only:
LicenseInfo:
Information about the current license. When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:
UseInternalSecurityAPI:
Tells the class whether to use the system security libraries or an internal implementation. By default the class will use the system security libraries to perform cryptographic functions. Setting this to True tells the class to use the internal implementation instead of using the system's security API.