JWT Tools

Overview

Generate and validate JSON Web Tokens for integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation.

Key Features & Functionality

  • createtoken (Function) - create a signed JSON web token with standard claims.
  • createtokenwithcustomclaims (Function) - create a signed JSON web token with standard claims and additional custom claims that may be required for authentication with specific systems.
  • validatejwtsignature (Function) - Verify a received token against the issuing system's public key. Returns true if token was verified.
  • decodeJWT (Function) - Given a JWKS registry URL and a token, retrieve the proper public key and validate the given token, returning a string with the decoded token if the signature is valid, null otherwise.
Anonymous
  • @paolob005, are you able to resolve this error?

  • Hello

    I have a JWKS repository with mutual authentication (mTLS).
    I imported a client certificate in "Client Certificates" of the admin console (docs.appian.com/.../Appian_Administration_Console.html).
    It is now OK from a standard Appian integration object; I can get the list of certificates.

    But with the JWT plugin, I have this error:

    Caused by: com.auth0.jwk.NetworkException: Cannot obtain jwks from url https://XXXXX/oauth2/v1/keys
    at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139)
    at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145)
    at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:43)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:38)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4876)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
    ... 262 more
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


    It looks like mTLS is not managed by the plugin (handshake_failure)
    Can you confirm this and is it possible to upgrade the plugin?

  • v1.4.8 Release Notes
    • Updated jackson databind, jwks-rsa, and guava libraries. Added License File.

  • v1.4.7 Release Notes
    1. Adding iat to createtoken and createtokenwithcustomclaims
    2. Remove iss and aud when null

    IMPORTANT

    If upgrading from 1.4.4 or below and using the claims parameter with createtokenwithcustomclaims, you will need to refactor the usage. Version 1.4.5 added a new parameter "ver" before the "claims" parameter and functions use parameters in the order they are referenced.

  • v1.4.6 Release Notes
    • Updated the bouncycastle bcpkix and bouncycastle bcprov libraries.

  • I am trying to decode a token and I am receiving a null response. I am using the function decodeJWT() and in the parameter "jwksURL" I am using the same domain ("example.com/.../jwks.json") as when creating the token with the function "createtokenwithcustomclaims()".

    I created the private key with format PKCS#1 and I put the token on jwt.io and nothing is wrong with it.

    Any suggestions on what could be wrong?

  • v1.4.5 Release Notes
    • new "ver" header parameter for the createTokenWithCustomClaims Function as some specific systems require a "ver" header

  • v1.4.4 Release Notes
    • Security Updates
  • I am creating the token and using it in an integration object as mentioned in the snapshot, and I am getting {"errorCode":"AUTHORIZATION_INVALID_TOKEN","message":"The access token provided is expired, revoked or malformed."}.

    Please suggest how to fix the issue.

  • Hi Paolo, 

    The problem seems to be the format of the private key.
    The plugin expects the private key in PKCS#1 RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY) format and you are setting it in PKCS#8 PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY).
    Please double check but I think you might be able to convert from PKCS#8 to PKCS#1: openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem

    Thanks,
    Leandro.
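
A check for the key-format mismatch described in the reply above, as an added example that is not part of the original thread or the plugin's code: it reads the PEM label and the first ASN.1 fields of the key to tell PKCS#1 RSAPrivateKey from PKCS#8 PrivateKeyInfo, so a mislabeled file is caught too. It assumes an unencrypted key; the function names and the toy sample structures are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.+?)\s*-----END \1-----", re.S)
LABELS = {"RSA PRIVATE KEY": "PKCS#1", "PRIVATE KEY": "PKCS#8"}

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_private_key(pem_text):
    """Return (format claimed by the PEM label, format found in the DER body)."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label = LABELS.get(m.group(1), "unknown")
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        tag, start, _ = _read_tlv(der, 0)             # outer SEQUENCE
        ver_tag, _, ver_end = _read_tlv(der, start)   # version INTEGER
        second_tag, _, _ = _read_tlv(der, ver_end)    # the field that differs
    except (ValueError, IndexError):
        return label, "unknown"
    if tag != 0x30 or ver_tag != 0x02:
        return label, "unknown"
    # RSAPrivateKey continues with the modulus INTEGER; PrivateKeyInfo
    # continues with an AlgorithmIdentifier SEQUENCE.
    return label, {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(second_tag, "unknown")

def _der(tag, body):
    """Encode one short DER element (used only to build the samples below)."""
    return bytes([tag, len(body)]) + body

def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed toy structures with the right ASN.1 shape; not usable keys.
TOY_PKCS1 = _der(0x30, _der(0x02, b"\x00") + _der(0x02, b"\x0b") + _der(0x02, b"\x03"))
RSA_OID = _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b"")
TOY_PKCS8 = _der(0x30, _der(0x02, b"\x00") + _der(0x30, RSA_OID) + _der(0x04, TOY_PKCS1))

if __name__ == "__main__":
    for label, der in [("RSA PRIVATE KEY", TOY_PKCS1), ("PRIVATE KEY", TOY_PKCS8),
                       ("RSA PRIVATE KEY", TOY_PKCS8)]:  # last one is mislabeled
        print(label, "->", classify_private_key(_pem(label, der)))
```

A result other than ("PKCS#1", "PKCS#1") means the key is not in the format the reply says the plugin expects.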