...
rs.security.signature.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for signature. If this is not specified it falls back to use "rs.security.key.password.provider". |
rs.security.signature.algorithm | The signature algorithm to use. The default algorithm if not specified is 'RS256'. |
rs.security.signature.include.public.key | Include the JWK public key for signature in the "jwk" header. |
rs.security.signature.include.cert | Include the X.509 certificate for signature in the "x5c" header. |
rs.security.signature.include.key.id | Include the JWK key id for signature in the "kid" header. |
rs.security.signature.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. |
rs.security.signature.include.cert.sha256 | Include the X.509 certificate SHA-256 digest for encryption in the "x5t#S256" header. |
Configuration that applies to encryption only
rs.security.decryption.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for decryption. If this is not specified it falls back to use "rs.security.key.password.provider". |
rs.security.encryption.content.algorithm | The encryption content algorithm to use. The default algorithm if not specified is 'A128GCM'. |
rs.security.encryption.key.algorithm | The encryption key algorithm to use. The default algorithm if not specified is 'RSA-OAEP' if the key is an RSA key, 'ECDH-ES-A128KW' if the key is an EC key and 'A128GCMKW' if it is an octet sequence. |
rs.security.encryption.zip.algorithm | The encryption zip algorithm to use. |
rs.security.encryption.include.public.key | Include the JWK public key for encryption in the "jwk" header. |
rs.security.encryption.include.cert | Include the X.509 certificate for encryption in the "x5c" header. |
rs.security.encryption.include.key.id | Include the JWK key id for encryption in the "kid" header. |
rs.security.encryption.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for encryption in the "x5t" header. |
rs.security.encryption.include.cert.sha256 | Include the X.509 certificate SHA-256 digest for encryption in the "x5t#S256" header. |
Configuration that applies to JWT tokens only
...