PATCH /api/v1/auth/jwt-auth/identities/{identityId}

Authorizations

Authorization (string, header, required)

An access token in Infisical

Path Parameters

identityId (string, required)

The ID of the identity to update the auth method for.

Body

application/json

configurationType (enum<string>, required)

The configuration for validating JWTs. Must be one of: 'jwks', 'static'

Available options: jwks

jwksUrl (string, required)

The URL of the JWKS endpoint. Required if configurationType is 'jwks'. This endpoint must serve JSON Web Key Sets (JWKS) containing the public keys used to verify JWT signatures.

accessTokenMaxTTL (integer, default: 2592000)

The new maximum lifetime for an access token in seconds.

Required range: x < 315360000

accessTokenNumUsesLimit (integer, default: 0)

The new maximum number of times that an access token can be used.

Required range: x > 0

accessTokenTrustedIps (object[])

The new IPs or CIDR ranges that access tokens can be used from.

accessTokenTTL (integer, default: 2592000)

The new lifetime for an access token in seconds.

Required range: 1 < x < 315360000

boundAudiences (string, default: "")

The new list of intended recipients.

boundClaims (object)

The new attributes that should be present in the JWT for it to be valid.

boundIssuer (string, default: "")

The new unique identifier of the JWT provider.

boundSubject (string, default: "")

The new expected principal that is the subject of the JWT.

jwksCaCert (string, default: "")

The PEM-encoded CA certificate for validating the TLS connection to the JWKS endpoint.

publicKeys (string[])

A list of PEM-encoded public keys used to verify JWT signatures. Required if configurationType is 'static'. Each key must be in RSA or ECDSA format and properly PEM-encoded with BEGIN/END markers.
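
An added example (not from the Infisical documentation): a Python helper that checks a request body against the field rules listed above before building the PATCH request. The base URL, the Bearer scheme for the Authorization header, the HTTPS-only rule for jwksUrl and all sample values are assumptions of this example.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

MAX_TTL = 315360000  # upper bound listed for accessTokenTTL and accessTokenMaxTTL


def build_jwt_auth_update(base_url, token, identity_id, body):
    """Check body against the documented field rules, then build the PATCH request."""
    ctype = body.get("configurationType")
    if ctype == "jwks":
        url = urlsplit(body.get("jwksUrl") or "")
        # HTTPS-only is this example's own policy, not a documented API rule.
        if url.scheme != "https" or not url.netloc:
            raise ValueError("jwksUrl is required for 'jwks' and must be an https URL")
    elif ctype == "static":
        keys = body.get("publicKeys") or []
        if not keys:
            raise ValueError("publicKeys is required for 'static'")
        for pem in keys:
            text = pem.strip()
            if not (text.startswith("-----BEGIN ") and "-----END " in text
                    and text.endswith("-----")):
                raise ValueError("public keys must be PEM with BEGIN/END markers")
    else:
        raise ValueError("configurationType must be 'jwks' or 'static'")
    ttl, max_ttl = body.get("accessTokenTTL"), body.get("accessTokenMaxTTL")
    if ttl is not None and not 1 < ttl < MAX_TTL:
        raise ValueError("accessTokenTTL must satisfy 1 < x < 315360000")
    if max_ttl is not None and not max_ttl < MAX_TTL:
        raise ValueError("accessTokenMaxTTL must satisfy x < 315360000")
    # Percent-encode the ID so it cannot alter the request path.
    path = "/api/v1/auth/jwt-auth/identities/" + quote(identity_id, safe="")
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": "Bearer " + token,  # Bearer scheme is an assumption
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed values: placeholder host, token and identity ID.
    req = build_jwt_auth_update(
        "https://infisical.example", "ACCESS_TOKEN", "identity-id-placeholder",
        {"configurationType": "jwks", "jwksUrl": "https://issuer.example/.well-known/jwks.json"},
    )
    print(req.get_method(), req.full_url)
```
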

Response

200 - application/json

identityJwtAuth (object, required)
