operator contains an account resolver URL,
resolver only needs to be specified in order to overwrite that default.
URL resolver specifies a URL where the server can append an account public key to retrieve that account's JWT. Convention for NATS Account JWT Servers is to serve JWTs at:
http://localhost:9090/jwt/v1/accounts/. For such a configuration you would specify the resolver as follows:
tls configuration map lets you further restrict TLS to the resolver.
MEMORY resolver is statically configured in the server's configuration file. The memory resolver makes use of the
resolver_preload directive, which specifies a map of a public key to an account JWT:
MEMORY resolver is recommended when the server has a small number of accounts that don't change very often.
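Because a MEMORY resolver trusts whatever is in the static map, it is worth linting the public-key-to-JWT pairs before they go into the configuration file. The following is an added example, not code from NATS or from the original page: it assumes the nkeys encoding of account public keys (56 base32 characters, prefix byte 0, CRC16 trailer) and that the JWT `sub` claim carries the account public key; it does not verify the JWT signature, and the helper names and sample data are constructed.

```python
import base64, binascii, json, time

def is_account_nkey(key):
    """Account public key: 56 base32 chars, prefix byte 0 ('A...'), CRC16 trailer."""
    if len(key) != 56 or not key.startswith("A"):
        return False
    try:
        raw = base64.b32decode(key)
    except (binascii.Error, ValueError):
        return False
    return raw[0] == 0 and binascii.crc_hqx(raw[:-2], 0) == int.from_bytes(raw[-2:], "little")

def jwt_claims(token):
    """Decode the claims segment only; the signature is NOT verified here."""
    _header, payload, _sig = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("claims segment is not a JSON object")
    return claims

def check_preload(preload, now=None):
    """Return a list of problems found in a resolver_preload-style map."""
    now = time.time() if now is None else now
    problems = []
    for key, token in preload.items():
        if not is_account_nkey(key):
            problems.append(f"{key}: not a valid account public key")
            continue
        try:
            claims = jwt_claims(token)
        except (ValueError, binascii.Error):
            problems.append(f"{key}: value is not a decodable JWT")
            continue
        if claims.get("sub") != key:
            problems.append(f"{key}: JWT subject does not match map key")
        if claims.get("exp") and claims["exp"] < now:
            problems.append(f"{key}: JWT expired")
    return problems

# Constructed sample data (not real keys or tokens; the signature is a dummy).
def sample_key(n):
    raw = bytes([0]) + bytes([n]) * 32
    return base64.b32encode(raw + binascii.crc_hqx(raw, 0).to_bytes(2, "little")).decode()

def sample_jwt(sub, exp=0):
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"typ": "JWT", "alg": "ed25519-nkey"}), enc({"sub": sub, "exp": exp}), "c2ln"])

if __name__ == "__main__":
    a, b = sample_key(1), sample_key(2)
    print(check_preload({a: sample_jwt(a), b: sample_jwt(a)}))
```

An empty list means every entry is keyed by a well-formed account public key whose JWT names that same account and has not expired.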
cache. Their commonalities are that they exchange/lookup account JWT via NATS and the system account, and store them in a local (not shared) directory.
resolver_preload. When present, JWTs are listed and stored in the resolver. There, they may be subject to updates. Restarts of the
nats-server will hold on to these more recent versions.
full. You need enough to still serve your workload adequately, while some servers are offline.
full nats based resolver. This resolver is essentially the URL Resolver in NATS.
nsc, send it as a request to
$SYS.REQ.CLAIMS.UPDATE. Each participating
full NATS based account resolver will respond with a message detailing success or failure.
$SYS.REQ.ACCOUNT.*.CLAIMS.LOOKUP and respond with the account JWT corresponding to the requested account id (wildcard).