Skip to main content
Configuration for JWT verification when RBAC authorization is enabled on AgentOS.

Import

Parameters

ParameterTypeDefaultDescription
verification_keysOptional[List[str]]NoneList of keys used to verify JWT signatures. For asymmetric algorithms (e.g. RS256), use public keys. For symmetric algorithms (e.g. HS256), use shared secrets. Each key is tried in order until one succeeds - useful for accepting tokens from multiple issuers.
jwks_fileOptional[str]NonePath to a static JWKS (JSON Web Key Set) file containing public keys. Keys are matched by kid (key ID) from the JWT header. Alternative to verification_keys for RSA key management.
algorithmOptional[str]RS256JWT algorithm for token verification. Common options: RS256 (asymmetric), HS256 (symmetric).
verify_audienceOptional[bool]FalseWhether to verify the audience claim of the JWT token. This should not be enabled for AgentOS Control Plane traffic.

Usage

Algorithm Options

AlgorithmTypeKey Format
RS256Asymmetric (RSA)Public key (PEM format)
RS384Asymmetric (RSA)Public key (PEM format)
RS512Asymmetric (RSA)Public key (PEM format)
HS256Symmetric (HMAC)Shared secret string
HS384Symmetric (HMAC)Shared secret string
HS512Symmetric (HMAC)Shared secret string
ES256Asymmetric (ECDSA)Public key (PEM format)
ES384Asymmetric (ECDSA)Public key (PEM format)
ES512Asymmetric (ECDSA)Public key (PEM format)

Examples

Using RS256 (Asymmetric)

Using HS256 (Symmetric)

Using JWKS File

The JWKS file should follow the standard format:

See Also