emqx_authn_jwt {
use_jwks {
desc {
en: """Whether to use JWKS."""
zh: """是否使用 JWKS。"""
}
label {
en: """Whether to Use JWKS"""
zh: """是否使用 JWKS"""
}
}
algorithm {
desc {
en: """JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key)."""
zh: """JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。"""
}
label {
en: """JWT Signing Algorithm"""
zh: """JWT 签名算法"""
}
}
public_key {
desc {
en: """The public key used to verify the JWT."""
zh: """用于验证 JWT 的公钥。"""
}
label {
en: """Public Key"""
zh: """公钥"""
}
}
secret_base64_encoded {
desc {
en: """Whether secret is base64 encoded."""
zh: """密钥是否为 Base64 编码。"""
}
label {
en: """Whether Secret is Base64 Encoded"""
zh: """密钥是否为 Base64 编码"""
}
}
secret {
desc {
en: """The key to verify the JWT using HMAC algorithm."""
zh: """使用 HMAC 算法时用于验证 JWT 的密钥"""
}
label {
en: """Secret"""
zh: """Secret"""
}
}
endpoint {
desc {
en: """JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format."""
zh: """JWKS 端点, 它是一个以 JWKS 格式返回服务端的公钥集的只读端点。"""
}
label {
en: """JWKS Endpoint"""
zh: """JWKS Endpoint"""
}
}
refresh_interval {
desc {
en: """JWKS refresh interval."""
zh: """JWKS 刷新间隔。"""
}
label {
en: """JWKS Refresh Interval"""
zh: """JWKS 刷新间隔"""
}
}
cacertfile {
desc {
en: """Path to a file containing PEM-encoded CA certificates."""
zh: """包含 PEM 编码的 CA 证书的文件的路径。"""
}
label {
en: """CA Certificate File"""
zh: """CA 证书文件"""
}
}
certfile {
desc {
en: """Path to a file containing the user certificate."""
zh: """包含用户证书的文件的路径。"""
}
label {
en: """Certificate File"""
zh: """证书文件"""
}
}
keyfile {
desc {
en: """Path to a file containing the user's private PEM-encoded key."""
zh: """包含 PEM 编码的用户私钥的文件的路径。"""
}
label {
en: """Key File"""
zh: """私钥文件"""
}
}
verify {
desc {
en: """Enable or disable SSL peer verification."""
zh: """指定握手过程中是否校验对端证书。"""
}
label {
en: """Verify"""
zh: """Verify"""
}
}
server_name_indication {
desc {
en: """Server Name Indication (SNI)."""
zh: """服务器名称指示(SNI)。"""
}
label {
en: """Server Name Indication"""
zh: """服务器名称指示"""
}
}
verify_claims {
desc {
en: """
A list of custom claims to validate, which is a list of name/value pairs.
Values can use the following placeholders:
- ${username}: Will be replaced at runtime with Username used by the client when connecting
- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting
Authentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.
"""
zh: """
需要验证的自定义声明列表,它是一个名称/值对列表。
值可以使用以下占位符:
- ${username}: 将在运行时被替换为客户端连接时使用的用户名
- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端标识符
认证时将验证 JWT(取自 Password 字段)中 claims 的值是否与 verify_claims 中要求的相匹配。
"""
}
label {
en: """Verify Claims"""
zh: """Verify Claims"""
}
}
ssl {
desc {
en: """SSL options."""
zh: """SSL 选项。"""
}
label {
en: """SSL Options"""
zh: """SSL 选项"""
}
}
enable {
desc {
en: """Enable/disable SSL."""
zh: """启用/禁用 SSL。"""
}
label {
en: """Enable/disable SSL"""
zh: """启用/禁用 SSL"""
}
}
hmac-based {
desc {
en: """Configuration when the JWT for authentication is issued using the HMAC algorithm."""
zh: """用于认证的 JWT 使用 HMAC 算法签发时的配置。"""
}
}
public-key {
desc {
en: """Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""
zh: """用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。"""
}
}
jwks {
desc {
en: """Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""
zh: """用于认证的 JWTs 需要从 JWKS 端点获取时的配置。"""
}
}
ssl_disable {
desc {
en: """SSL configuration."""
zh: """SSL 配置。"""
}
}
ssl_enable {
desc {
en: """SSL configuration."""
zh: """SSL 配置。"""
}
}
acl_claim_name {
desc {
en: """JWT claim name to use for getting ACL rules."""
zh: """JWT claim name to use for getting ACL rules."""
}
label {
en: """ACL claim name"""
zh: """ACL claim name"""
}
}
from {
desc {
en: """Field to take JWT from."""
zh: """要从中获取 JWT 的字段。"""
}
label {
en: """From Field"""
zh: """源字段"""
}
}
}