emqx_authn_jwt {

acl_claim_name.desc:
"""JWT claim name to use for getting ACL rules."""

acl_claim_name.label:
"""ACL claim name"""

algorithm.desc:
"""JWT signing algorithm, Supports HMAC (configured as <code>hmac-based</code>) and RSA, ECDSA (configured as <code>public-key</code>)."""

algorithm.label:
"""JWT Signing Algorithm"""

cacertfile.desc:
"""Path to a file containing PEM-encoded CA certificates."""

cacertfile.label:
"""CA Certificate File"""

certfile.desc:
"""Path to a file containing the user certificate."""

certfile.label:
"""Certificate File"""

enable.desc:
"""Enable/disable SSL."""

enable.label:
"""Enable/disable SSL"""

endpoint.desc:
"""JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format."""

endpoint.label:
"""JWKS Endpoint"""

from.desc:
"""Field to take JWT from."""

from.label:
"""From Field"""

jwt_hmac.desc:
"""Configuration when the JWT for authentication is issued using the HMAC algorithm."""

jwt_jwks.desc:
"""Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""

keyfile.desc:
"""Path to a file containing the user's private PEM-encoded key."""

keyfile.label:
"""Key File"""

jwt_public_key.desc:
"""Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""

public_key.desc:
"""The public key used to verify the JWT."""

public_key.label:
"""Public Key"""

refresh_interval.desc:
"""JWKS refresh interval."""

refresh_interval.label:
"""JWKS Refresh Interval"""

secret.desc:
"""The key to verify the JWT using HMAC algorithm."""

secret.label:
"""Secret"""

secret_base64_encoded.desc:
"""Whether secret is base64 encoded."""

secret_base64_encoded.label:
"""Whether Secret is Base64 Encoded"""

server_name_indication.desc:
"""Server Name Indication (SNI)."""

server_name_indication.label:
"""Server Name Indication"""

ssl.desc:
"""SSL options."""

ssl.label:
"""SSL Options"""

use_jwks.desc:
"""Whether to use JWKS."""

use_jwks.label:
"""Whether to Use JWKS"""

verify.desc:
"""Enable or disable SSL peer verification."""

verify.label:
"""Verify"""

verify_claims.desc:
"""A list of custom claims to validate, which is a list of name/value pairs.
Values can use the following placeholders:
- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting
- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting
Authentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>."""

verify_claims.label:
"""Verify Claims"""

}