JWT Functions

Overview

Provides an additional layer of security using signed JWTs. This plug-in may also be used to integrate with external systems using JWS.

Key Functionality and Features

  • jwtsign - Create a signed JWT using HS256, HS384, HS512, ES256, ES384, ES512, RS256, RS384, or RS512
  • jwtverify - Verify a signed JWT
  • jwtgeneratesecretkey - Generate an HMAC-SHA key that can be used to sign a JWT with an HS* algorithm
  • jwtdecode - Decode a JWT without verifying the signature

Uses JWTK's JJWT library: https://github.com/jwtk/jjwt

  • Hi John.

    Thanks a lot, I added the private key and it is working.

    Thanks !!

  • Hi Jonathan,

    The problem is you have an invalid key. If you will be generating your own key, you can use tools such as openssl or similar.

    You may check this https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9.

    Your private key should look something like this:

    Sample RSA Key

    What you'd want to do then is to get the whole key, remove the newline characters, and save that in your SCS.

    Then you can use the key in your expression.

    Note: you don't need to put IAT in your payload, this is automatically added.

    I'm not sure what your use-case is, if you really need to use RS256 (asymmetric), but a simpler way is using HS256 (symmetric). You just need to generate a random string as your secret (you may use jwtgeneratesecretkey) and store it in your SCS.

    Thanks

  • Hi John,

    This is the expression.

    Related with private key, I don't know how to create it exactly, I was trying to fix the shown errors and at the end I only created third party credentials in admin console as follows.

    Should I do something else ?

    Thanks !!

  • Hi Jonathan,

    Can you share the expression you're using? Also, how did you generate the private key?

    Thanks

  • Hi John, 

    Should I configure something in our environment in order to use this plug-in ? 

    I already created third party credentials in admin console and I'm using that key in "secretOrScsKey" parameter, but it is retrieving the following error.

     

    I'm trying to use RS256

    Thanks in advance.

  • Hi sid,

    I just submitted a new version, you should expect this in a few days.

    Not sure if it helps, but I also added new parameters to TokenOption and DecodeOptions: scsKeyId.

    This should automatically add the scs key and field as your "kid" when signing, and use the "kid" to get the scs key and field when verifying.

    New token parameters