From 7c4175958c531ffbe65295ba111e5f0eebe7974b Mon Sep 17 00:00:00 2001 From: DMRobertson Date: Wed, 15 Jun 2022 16:45:50 +0000 Subject: deploy: 7d99414edf2c5c7e602a88c72245add665e6afb4 --- develop/print.html | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'develop/print.html') diff --git a/develop/print.html b/develop/print.html index e59d08df52..261687c5db 100644 --- a/develop/print.html +++ b/develop/print.html @@ -5602,8 +5602,10 @@ expected to be non-existent.

tokens. Defaults to false.
  • secret: This is either the private shared secret or the public key used to decode the contents of the JSON web token. Required if enabled is set to true.
  • -
  • algorithm: The algorithm used to sign the JSON web token. Supported algorithms are listed at -https://pyjwt.readthedocs.io/en/latest/algorithms.html Required if enabled is set to true.
  • +
  • algorithm: The algorithm used to sign (or HMAC) the JSON web token. +Supported algorithms are listed +here (section JWS). +Required if enabled is set to true.
  • subject_claim: Name of the claim containing a unique identifier for the user. Optional, defaults to sub.
  • issuer: The issuer to validate the "iss" claim against. Optional. If provided the @@ -7623,7 +7625,7 @@ Providing the audience claim when not configured will cause validation to fail.< initial_device_display_name) which can be included in the above request.

    Preparing Synapse

    The JSON Web Token integration in Synapse uses the -PyJWT library, which must be installed +Authlib library, which must be installed as follows:

    -

    To enable the JSON web token integration, you should then add an jwt_config section +

    To enable the JSON web token integration, you should then add a jwt_config section to your configuration file (or uncomment the enabled: true line in the existing section). See sample_config.yaml for some sample settings.

    How to test JWT as a developer

    Although JSON Web Tokens are typically generated from an external server, the -examples below use PyJWT directly.

    +example below uses a locally generated JWT.

    1. Configure Synapse with JWT logins, note that this example uses a pre-shared @@ -7657,8 +7659,17 @@ secret and an algorithm of HS256:

    2. Generate a JSON web token:

      -
      $ pyjwt --key=my-secret-token --alg=HS256 encode sub=test-user
      -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc
      +

      You can use the following short Python snippet to generate a JWT +protected by an HMAC. +Take care that the secret and the algorithm given in the header match +the entries from jwt_config above.

      +
      from authlib.jose import jwt
      +
      +header = {"alg": "HS256"}
      +payload = {"sub": "user1", "aud": ["audience"]}
      +secret = "my-secret-token"
      +result = jwt.encode(header, payload, secret)
      +print(result.decode("ascii"))
       
    3. -- cgit 1.5.1
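Review bot: in the first hunk (the `algorithm` bullet at -5602), the new link text is just "here", whereas the removed text spelled out the destination URL, so anywhere the href is not shown (as in this print view) the reader cannot tell which document "section JWS" belongs to. Name the linked document in the link text. Since the `secret` bullet just above says the value is either a shared secret or a public key, this bullet could also say which kind of algorithm goes with which kind of key, now that it distinguishes "sign (or HMAC)".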
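Review bot: in the second hunk (the "Preparing Synapse" paragraph at -7623), nothing tells an operator who already installed PyJWT for this feature that the dependency is now Authlib and has to be installed before JWT logins will work again. A sentence here, or a pointer to the upgrade notes, would cover existing deployments. The "an jwt_config" to "a jwt_config" fix and the singular "example below" wording look fine.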
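Review bot: in the third hunk (step 2 at -7657), the sample payload sets "aud": ["audience"], but the sentence introducing the snippet only asks the reader to match the secret and the algorithm to jwt_config. The same page states that providing the audience claim when not configured will cause validation to fail, so either drop aud from the payload or say that the audience must also match what jwt_config declares. The subject also changes from test-user in the removed pyjwt command to user1 here, so any later step that still refers to test-user should be checked. It would also be worth saying that "my-secret-token" is a test value only, since it is shorter than the 256-bit key that RFC 7518 requires for HS256.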