JWT

Overview

Generate and validate JSON web tokens for use in integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation. The create token functions support encrypted private keys in either the PKCS#1 or PKCS#8 standard.

Key Features & Functionality

  • createtoken (Function) - create a signed JSON web token with standard claims.
  • createtokenwithcustomclaims (Function) - create a signed JSON web token with standard claims and additional custom claims that may be required for authentication with specific systems.
  • validatejwtsignature (Function) - Verify a received token against the issuing system's public key. Supports tokens signed with the RSA256 and RSA512 algorithms. Returns true if the token was verified.
  • decodeJWT (Function) - Given a JWKS registry URL and a token, retrieve the proper public key and validate the given token, returning a string with the decoded token if the signature is valid, null otherwise.
  • createDocuSignRSAJWTToken (Function) - Generates a JWT that conforms to the specs of DocuSign.
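
The decodeJWT flow described above (pick the key by `kid`, verify, return the payload or null), as an added Python example that is not the plug-in's code. It assumes the page's RSA256/RSA512 are the JOSE `alg` values RS256/RS512 and takes the JWKS as a dict instead of fetching a URL; `decode_jwt`, `sign_demo`, `JWKS` and the demo key are constructed for illustration.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefixes for RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
ALGS = {"RS256": (hashlib.sha256, "3031300d060960864801650304020105000420"),
        "RS512": (hashlib.sha512, "3051300d060960864801650304020305000440")}

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(alg, signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of the signing input for a k-byte modulus."""
    hash_fn, prefix = ALGS[alg]
    t = bytes.fromhex(prefix) + hash_fn(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def decode_jwt(token, jwks):
    """Return the payload dict if the signature verifies, otherwise None."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64d(h64))
        alg = header["alg"]
        if alg not in ALGS:  # allow-list: "none", HS256 etc. never verify
            return None
        jwk = next(k for k in jwks["keys"]
                   if k.get("kty") == "RSA" and k.get("kid") == header["kid"])
        n, e = (int.from_bytes(b64d(jwk[x]), "big") for x in ("n", "e"))
        k = (n.bit_length() + 7) // 8
        s = int.from_bytes(b64d(s64), "big")
        if s >= n:  # signature representative out of range
            return None
        em = pow(s, e, n).to_bytes(k, "big")
        if hmac.compare_digest(em, encoded_message(alg, f"{h64}.{p64}".encode(), k)):
            return json.loads(b64d(p64))
    except (ValueError, KeyError, TypeError, StopIteration):
        pass
    return None

# Constructed demo key from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "e": b64e(E.to_bytes(3, "big")),
                  "n": b64e(N.to_bytes(141, "big"))}]}

def sign_demo(header, claims):  # builds a constructed sample token
    h64, p64 = (b64e(json.dumps(x).encode()) for x in (header, claims))
    em = encoded_message(header["alg"], f"{h64}.{p64}".encode(), 141)
    return f"{h64}.{p64}." + b64e(pow(int.from_bytes(em, "big"), D, N).to_bytes(141, "big"))
```

A valid signature only proves who issued the token; claims such as `exp`, `iss` and `aud` still need their own checks before the payload is trusted.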
Anonymous
  • We have noticed that if we have the create JWT plugin deployed as well, it mashes that function and that's why it doesn't work. Both functions are called the same in each plugin: decodeJwt

  • Hi, 

    has this function been updated? They have changed the input parameters, but I don't see any information.

    • decodeJWT (Function) - Given a JWKS registry URL and a token, retrieve the proper public key and validate the given token returning a string with the decoded token if signature is valid, null otherwise

    Now, to validate a token I have to use the validatejwtsignature one? Any example of use?

  • v1.4.11 Release Notes
    • Updated createtokenwithcustomclaims to allow for custom headers to be provided as an input. This gives support to DPoP OAuth extension.
  • Hello, was your issue resolved? I am facing the same error after the plugin deployed. Can you please provide the value that you have configured in admin console thirdparty to get the connection success?

  • The plug-in now supports keys in this format (PKCS#8)

  • v1.4.10 Release Notes
    • The createtoken and createtokenwithcustomclaims functions now support PKCS#8 (RSA only) private keys in addition to PKCS#1
    • The validatejwtsignature function now supports the RSA256 algorithm in addition to RSA512

  • Hi Team, 

    I have seen that the decodeJWT function returns the decoded token but only if the signature is valid, otherwise it returns null. 

    Is there a way to decode a token without validating the signature? I mean, something similar to the jwtdecode function of the JWT Functions plug-in.

    Thanks in advance.

  • @paolob005, are you able to resolve this error?

  • Hello

    I have a JWKS repository with mutual authentication (mTLS).
    I imported a client certificate in "Client Certificates" of the admin console (docs.appian.com/.../Appian_Administration_Console.html).
    It is now OK from a standard Appian integration object, I can get the list of certificates.

    But with the JWT plugin, I have this error :

    Caused by: com.auth0.jwk.NetworkException: Cannot obtain jwks from url https://XXXXX/oauth2/v1/keys
    at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139)
    at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145)
    at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:43)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:38)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4876)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
    ... 262 more
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


    It looks like mTLS is not managed by the plugin (handshake_failure)
    Can you confirm this and is it possible to upgrade the plugin?

  • v1.4.8 Release Notes
    • Updated jackson databind, jwks-rsa, and guava libraries. Added License File.