https://cerbos.dev logo
#help
Title
# help
o

Owen Cummings

03/14/2023, 3:50 PM
Is there any documentation describing exactly what JWT verification Cerbos is capable of? Just signature verification? Which algorithms? Or does it do other claim verification like
iat
and
exp
timestamp based checks?
c

Charith (Cerbos)

03/14/2023, 4:00 PM
We haven't documented the process in that detail -- which we'll look to do. Essentially, if you provide a key set, Cerbos does both verification (check signature) and validation (checking claims like
exp
). Validation is always performed. You can turn off verification in config if you trust the JWT source and want to avoid the crypto overhead. All standard algorithms are supported.
o

Owen Cummings

03/14/2023, 4:39 PM
Cool thanks, a document listing out all that you do would be great!
32 Views