jwt0.2.6

JWT authentication extension.

JWT

This extension provides JWT authentication for the Grafbase Gateway.

Installing

Add the following to your Grafbase Gateway configuration file:


# grafbase.toml

[extensions.jwt]
version = "0.2"

Run the install command before starting the gateway


grafbase extension install

Configuration


# grafbase.toml

[extension.jwt.config]
# == Required ==
# URL to download the JWKS for signature validation.
url = "https://example.com/.well-known/jwks.json"

# == Optional ==
# Expected `iss` claim. By default it is NOT validated.
# issuer = "example.com"

# Expected `aud` claim. By default it is NOT validated.
# audience = "my-project"

# How long the JWKS will be cached, in seconds.
poll_interval = 60
# Header name from which to retrieve the JWT token.
header_name = "Authorization"
# Header value prefix to remove before parsing the JWT token.
header_value_prefix = "Bearer "

Once installed, the authentication extension will be automatically used by the Grafbase Gateway and reject non-authenticated requests. If you want anonymous users you should change the default authentication in you grafbase.toml to:


# grafbase.toml

[authentication]
default = "anonymous"

Apache-2.0

26 Mar, 2025

Tom HouléJulius de Bruijn

InstallAdd this to your TOML configuration file:

[extensions] jwt = "0.2.6"

github.com/grafbase/extensions/tree/main/extensions/jwt

More extensions

authenticated1.0.3

Prevent access to elements in the query when the user is not authenticated

nats0.4.1

Map NATS endpoints to GraphQL fields. Supports regular and JetStream...

requires-scopes1.0.5

Prevent access to elements in the query if the user doesn't have the right...

jwt0.2.6

JWT

Installing

Configuration

Usage

More extensions