03/14/2023, 3:50 PM
Is there any documentation describing exactly what JWT verification Cerbos is capable of? Just signature verification? Which algorithms? Or does it do other claim verification like
timestamp based checks?
03/14/2023, 4:00 PM
We haven't documented the process in that detail -- which we'll look to do. Essentially, if you provide a key set, Cerbos does both verification (check signature) and validation (checking claims like
). Validation is always performed. You can turn off verification in config if you trust the JWT source and want to avoid the crypto overhead. All standard algorithms are supported.
03/14/2023, 4:39 PM
Cool thanks, a document listing out all that you do would be great!