nats-account-server

The NATS Account Server is an HTTP server that hosts and vends JWTs for nats-server 2.0 account authentication. The server supports an number of stores which enable it to serve account JWTs from a directory

The nats server can be configured with a memory resolver as well. This avoids usage of the account server. The NATS server can be configured with a NATS based resolver for the same purpose as well.

Usage of full NATS based resolver over NATS Account Server is recommended.

The NATS Account Server also speaks the full nats based resolver protocol and can be used as such.

The server can operate in a READ ONLY mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that a JWT in the store has been modified, updating the NATS server with the updated JWT.

The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications.

The account server can host activation tokens as well as account JWTs. These tokens are used when one account needs to give permission to another account to access a private export. Tokens can be configured as full tokens, or URLs. By hosting them in the account server you can avoid the copy/paste process of embedding tokens. They can also be updated more easily on expiration. The account serer furthermore allows for jwt inspection.

All account server configuration options can be found here. It futhermore allows inspection of JWT.