Jinja filters¶
In addition to the built-in filters,
we have also defined custom Jinja filters that can be used in pipe and system configurations. Some of these filters
produce the same output as the corresponding DTL function (see table), e.g. the bytes filter should give the same
results as the bytes DTL function. Note that underscores are used in place of dashes in filter names, as
opposed to DTL functions. System secrets and subscription-wide secrets can be used inside the filters
with secret('secret-name').
decode_jwt¶
Decodes a JWT given a (public) key. Also supports supplying a JSON Web Key Set (JWKS) URL in place of a key. See the
table below for all supported arguments. Example usage: secret('jwt') | decode_jwt(key=secret('public_key'))
Argument |
Type |
Description |
Default |
Req |
|---|---|---|---|---|
|
String |
The public key used for decoding the JWT. |
Yes, if |
|
|
String |
An HTTPS endpoint containing JSON Web Keys (JWKS). Can be used in place of |
Yes, if |
|
|
List<String> |
List of allowed algorithms. |
|
No |
|
Boolean |
Whether the JWT signature should be verified. |
|
No |
|
Str, List<String> |
List of claims that must be present. |
No |
|
|
Bytes |
A payload to verify the signature against. Used for tokens that are not carrying a payload. |
No |
|
|
Boolean |
Check that the |
No |
|
|
Boolean |
Check that the |
No |
|
|
Boolean |
Check that |
No |
|
|
Boolean |
Check that |
No |
|
|
Boolean |
Check that |
No |
|
|
Boolean |
Check that the aud claim is a single value (not a list), and matches |
|
No |
|
String, List<String> |
The value to check against if |
No |
|
|
String |
The value to check against if |
No |
|
|
Integer, Float |
A time margin in seconds for the JWT expiration check. |
|
No |
DTL-equivalent filters¶
Filter |
Description |
|---|---|
|
See the bytes DTL function. |
|
See the base64-encode DTL function. |
|
See the base64-decode DTL function. |
|
See the datetime DTL function. |
|
See the datetime-format DTL function. |