The list of intended recipients for the token.
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
A list of parties that could have issued the token.
The maximum expected time difference between the system clocks of the token issuer and the API Gateway. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
The name of the header containing the authentication token.
The name of the query parameter containing the authentication token.
A list of claims which should be validated to consider the token valid.
Validate a JWT token present in the header or query parameter. A valid policy must specify either tokenHeader or tokenQueryParam.