Skip to main content

JWT Issuer Format

This setting determines the format of the issuer (iss) claim in the Pomerium JWT. See JWT Authentication for more information about the Pomerium JWT.

Before Pomerium v0.28, this claim was always set to the hostname portion of the route's From URL. Starting in v0.28, the issue claim can be set to use a full URL instead. This may be necessary for interoperability with some JWT authentication consumers.

The default is hostname-only for backwards compatibility with existing Pomerium deployments.

How to configure

Config file keyEnvironment variableTypeDefault
jwt_issuer_formatJWT_ISSUER_FORMATstring (one of hostOnly or uri)hostOnly

Examples

jwt_issuer_format: uri