Configure JWT Verification Method
Overview
Ingrain is a service that lets you add user activity logging without a backend (you can still use one if you wish). This means that when you send us event payloads, you should also send your user's JWT so that we can verify that:
- The request is sent from an authorized user.
- The user is allowed to send the payload based on the write rules (this will be covered in Writing/Reading Events Rules).
To do this, you need to configure the JWT Verification Method.
Steps
- Navigate to your application's JWT Verification page.
- Select the desired verification method from the dropdown and fill in the details.
Verification Options
Option | Description |
---|---|
No verification | The JWT token will not be verified. This is not recommended for production use. |
JWKS URL | The JWT token will be verified using the JWKS URL provided. Verification Value is expected to be the URL. You may also provide two optional values: JWKS Key ID and JWKS Signing Algorithm. |
Public Key | This should be used if your JWT is signed using an asymmetric algorithm. The JWT token will be verified using the public key provided. Verification Value is expected to be the public key. |
Secret Key | This should be used if your JWT is signed using a symmetric algorithm. The JWT token will be verified using the secret key provided. Verification Value is expected to be the secret key. Secret keys are sensitive and we do not recommend this method. |