OAuth JWTBearerGrantType Object

Contains information about an OAuth provider's settings for the JWT Bearer grant type.

This object is used by the following operations:

The properties included in the JWTBearerGrantType object are listed below.

Property Type Description
AccessTokenExpirationTimeInSeconds long The expiration time, in seconds, for the access token. Example: 1296000 (15 days).
IssueRefreshTokens boolean Indicates whether or not refresh tokens are valid for this grant.
GrantExpirationTimeInSeconds long The expiration time, in seconds, for the grant.
AllowedClockSkewInSeconds long Indicates the allowable clock skew value, in seconds, for JSON web key tokens. Example: 600.
JWTIssuedByThisProvider boolean Indicates whether the JWT token is issued by this domain.

The platform supports JWT assertions issued by its own OAuth provider or by another OAuth provider. In one scenario, the assertions come from PingFederate and the platform validates them; in another, a customer might want to use an identity provider that doesn't support JWT assertions, and wants the platform to both create the assertions and validate them.

In the platform, this is controlled by a checkbox in the OAuth Provider Domain setup (Tab 2, Grant Types: Assertions Issued by this Provider field).

If the checkbox is checked, or this setting is set to true, assertions are created by the same OAuth provider domain that validates them. When the checkbox is cleared, or the setting is set to false, the platform only validates the assertions created by the resource owner authentication domain.

When selecting an identity provider domain for resource owners that cannot create JWT assertions (for example, an LDAP domain), the checkbox should be checked, or the setting set to true. If the resource owner authentication domain is PingFederate or any OpenID Connect Relying Party domain, the checkbox should be cleared, or this setting set to false.

GrantType string The grant type. In this context, it is always urn:ietf:params:oauth:grant-type:jwt-bearer.
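
The following sketch is an added example, not the platform's own code. It shows how AllowedClockSkewInSeconds and JWTIssuedByThisProvider would typically bear on accepting an assertion, using the exp/nbf semantics of RFC 7519 and RFC 7523. The issuer URLs, the function names, and the mapping from JWTIssuedByThisProvider to an expected issuer are assumptions for illustration; signature verification is assumed to have happened already.

```python
import time

# Constructed sample settings using property names from this page.
SETTINGS = {
    "AllowedClockSkewInSeconds": 600,
    "JWTIssuedByThisProvider": False,
}

# Hypothetical issuer identifiers (assumptions, not platform values).
THIS_PROVIDER_ISS = "https://oauth.example.test"
RESOURCE_OWNER_DOMAIN_ISS = "https://idp.example.test"


def expected_issuer(settings):
    """Issuer whose assertions are accepted, chosen by JWTIssuedByThisProvider."""
    if settings["JWTIssuedByThisProvider"]:
        return THIS_PROVIDER_ISS
    return RESOURCE_OWNER_DOMAIN_ISS


def check_claims(claims, settings, now=None):
    """Return (ok, reason) for the claims of a signature-verified assertion."""
    now = time.time() if now is None else now
    skew = settings["AllowedClockSkewInSeconds"]

    # Reject assertions minted by the issuer this configuration does not trust.
    if claims.get("iss") != expected_issuer(settings):
        return False, "unexpected issuer"

    # RFC 7523 requires exp; the skew extends acceptance past it.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return False, "missing exp"
    if now >= exp + skew:
        return False, "expired"

    # nbf is optional; the skew allows use slightly before it.
    nbf = claims.get("nbf")
    if nbf is not None and now < nbf - skew:
        return False, "not yet valid"
    return True, "ok"
```

With the example value of 600, an assertion whose exp passed five minutes ago is still accepted, so the skew adds directly to the window in which a captured assertion can be replayed.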