##--------------------------------------------------------------------
## JWT Auth Plugin
##--------------------------------------------------------------------

## HMAC Hash Secret.
##
## Value: String
auth.jwt.secret = emqxsecret

## RSA or ECDSA public key file.
##
## Value: File
#auth.jwt.pubkey = etc/certs/jwt_public_key.pem

## The JWKs server address
##
## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
##
#auth.jwt.jwks = https://127.0.0.1:8080/jwks

## The JWKs refresh interval
##
## Value: Duration
#auth.jwt.jwks.refresh_interval = 5m

## From where the JWT string can be got
##
## Value: username | password
## Default: password
auth.jwt.from = password

## Enable to verify claims fields
##
## Value: on | off
auth.jwt.verify_claims = off

## The checklist of claims to validate
##
## Configuration format: auth.jwt.verify_claims.$name = $expected
##   - $name: the name of the field in the JWT payload to be verified
##   - $expected: the expected value
##
## The available placeholders for $expected:
##   - %u: username
##   - %c: clientid
##
## For example, to verify that the username in the JWT payload is the same
## as the client (MQTT protocol) username
#auth.jwt.verify_claims.username = %u