> For the complete documentation index, see [llms.txt](https://doc.cncf.vip/istio-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.cncf.vip/istio-handbook/pei-zhi/index-1/jwt.md). # JWTRule ## JWTRule 用于认证的 JSON Web Token(JWT)令牌格式,由 RFC 7519 定义。参见 OAuth 2.0 和 OIDC 1.0,了解在整个认证流程中如何使用。 ### 示例 JWT 的规格是由 `https://example.com` 签发,受众要求必须是 `bookstore_android.apps.example.com` 或 `bookstore_web.apps.example.com`。该令牌应呈现在 `Authorization` header(默认)。Json 网络密钥集(JWKS)将按照 OpenID Connect 协议被发现。 ```yaml issuer: https://example.com audiences: - bookstore_android.apps.example.com bookstore_web.apps.example.com ``` 这个例子在非默认位置(`x-goog-iap-jwt-assertion` header)指定了令牌。它还定义了 URI 来明确获取 JWKS。 ```yaml issuer: https://example.com jwksUri: https://example.com/.secret/jwks.json jwtHeaders: - "x-goog-iap-jwt-assertion" ``` 关于 `JWTRule` 配置的详细用法请参考 [Istio 官方文档](https://istio.io/latest/docs/reference/config/security/request_authentication/)。 ## 参考 * [JWTRule - istio.io](https://istio.io/latest/docs/reference/config/security/jwt/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.cncf.vip/istio-handbook/pei-zhi/index-1/jwt.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.