3.19.14. <accessTokenAuthentication>
3.19.14.1.1. Item description
This item describes JWT authentication settings. The <accessTokenAuthentication> item is subordinate to the <point>, <ws>, and <httpServices> items. There can be one <accessTokenAuthentication> item or none. The <issuers> item is subordinate to the <accessTokenAuthentication> item. There can be only one subordinate item of each type.
If the item is subordinate to the <ws> or <httpServices> item, JWT authentication is available for web services or HTTP services respectively.
This item does not have any attributes.
3.19.14.1.2. <accessTokenRecepientName>
This item is used only if the <accessTokenAuthentication> item is subordinate to the <ws> or <httpServices> item. The item may contain the following attributes:
accessTokenRecepientName
It contains a recipient identifier used to check whether the provided token was issued for this service. For this purpose, the attribute value is compared with the aud claim of the token payload.
If the attribute is not specified, the name of the service is used as its value.
3.19.14.1.3. <issuers>
This item is subordinate to the <accessTokenAuthentication> item. It describes a list of applications that can access this publication using JWT authentication. The <issuer> item is subordinate to the <issuers> item. There can be one or several subordinate items.
3.19.14.1.4. <issuer>
This item is subordinate to the <issuers> item. It describes an application that can get access to this publication. The item may contain the following attributes:
name
It contains a name of an application that can get access to this publication. The attribute value is compared with the iss claim value of the provided access token.
authenticationClaimName
It defines the name of the claim in the provided access token whose value 1C:Enterprise uses for authentication. If this attribute is not specified, the sub claim is used.
authenticationUserPropertyName
It defines the 1C:Enterprise user property to search by when a JWT is provided. In other words, the value of the claim named in the authenticationClaimName attribute is extracted from the JWT and then used to find the 1C:Enterprise user by the property specified in this attribute. The following values can be used for this attribute:
- name. Use the Name property for the search.
- osUser. Use the OSUser property for the search.
- email. Use the Email property for the search.
If the attribute is not specified, the user is searched by name (the attribute value is name, the search field is Name).
keyInformation
It contains the certificate (in PEM format) used to verify the JWT signature.
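The following fragment is an added example of how the items and attributes described above fit together; it is not taken from the product documentation. The issuer names, claim names and certificate are placeholders, and writing accessTokenRecepientName as an attribute of <accessTokenAuthentication> is an assumption based on the attribute list above. The block is placed under <ws> or <httpServices> in the publication file.

```xml
<!-- Added example, not the product's own configuration. All values are placeholders. -->
<accessTokenAuthentication accessTokenRecepientName="orders-api">
  <issuers>
    <!-- Accepted only when the token's iss claim equals this name and the
         signature verifies against the certificate in keyInformation.
         aud must equal "orders-api" (the accessTokenRecepientName above). -->
    <issuer name="https://idp.example.com"
            authenticationClaimName="preferred_username"
            authenticationUserPropertyName="name"
            keyInformation="[PEM certificate of idp.example.com goes here]"/>

    <!-- A second identity provider whose tokens identify the user by e-mail;
         the email claim is matched against the 1C:Enterprise Email property.
         Each issuer carries its own certificate, so a key from one provider
         cannot validate tokens claiming to come from the other. -->
    <issuer name="https://partner-idp.example.net"
            authenticationClaimName="email"
            authenticationUserPropertyName="email"
            keyInformation="[PEM certificate of partner-idp.example.net goes here]"/>
  </issuers>
</accessTokenAuthentication>
```

With this configuration a token is accepted only if its iss matches one of the listed issuer names, its aud matches the recipient name, its signature verifies against that issuer's certificate, and the selected claim resolves to an existing user by the chosen property.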