JWT

Overview

Generate and validate JSON web tokens for use in integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation. The create token functions support encrypted private keys in either the PKCS#1 or PCKS#8 standard.

Key Features & Functionality

createtoken (Function) - create a signed JSON web token with standard claims.
createtokenwithcustomclaims (Function) - create a signed JSON web token with standard claims and additional custom claims that may be required for authentication with specific systems.
validatejwtsignature (Function) - Verify a received token against the issuing system's public key. Supports tokens encrypted with the RSA256 and RSA512 algorithm. Returns true if token was verified.
decodeJWT (Function) - Given a JWKS registry URL and a token, retrieve the proper public key and validate the given token returning an string with the decoded token if signature is valid, null otherwise
createDocuSignRSAJWTToken (Function) - Generates a JWT that conforms to the specs of DocuSign.

Appian AppMarket 11 months ago
v1.4.7 Release Notes
1. Adding iat to createtoken and createtokenwithcustomclaims
2. Remove iss and aud when null
IMPORTANT

If upgrading from 1.4.4 or below and using the claims parameter with createtokenwithcustomclaims, you will need to refactor the usage. Version 1.4.5 added a new parameter "ver" before the "claims" parameter and functions use parameters in the order they are referenced.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
Appian AppMarket over 1 year ago
v1.4.6 Release Notes
- Updated the bouncycastle bcpkix and bouncycastle bcprov libraries.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
OscarPinel over 1 year ago

I am trying to decode a token and I am receiving a null response. I am using the function decodeJWT() and in the parameter "jwksURL" I am using the same domain ( "">example.com/.../jwks.json" ) as when creating the token with the function "createtokenwithcustomclaims()".

I created the private key with format PKCS#1 and I put the token on jwt.io and nothing is wrong with it.

Any suggestions on what could be wrong?
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
Appian AppMarket over 1 year ago
v1.4.5 Release Notes
- new "ver" header parameter for the createTokenWithCustomClaims Function as some specific systems require a "ver" header
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
Appian AppMarket over 2 years ago
v1.4.4 Release Notes
- Security Updates
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
jasmithak over 2 years ago

Am creating the token and using it in integration object as mentioned in the snapshot, getting {"errorCode":"AUTHORIZATION_INVALID_TOKEN","message":"The access token provided is expired, revoked or malformed."}.

Please suggest how to fix the issue.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
Leandro Bonilla over 2 years ago in reply to paolob0005

Hi Paolo,

The problem seems to be the format of the private key.
The plugin expects the private key in PKCS#1RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY) format and you are setting it in PKCS#8PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)
Please double check but I think you might be able to convert from PKCS#8 to PKCS#1: openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem

Thanks,
Leandro.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
virenp over 2 years ago in reply to Will Ruck

It works now! Thanks a lot for your help Will Ruck.
- Cancel
- Up +1 Down
- Reply
- More
- Cancel
Will Ruck over 2 years ago in reply to virenp

Close! Below is what my setting looks like. You only want to have the Private Key in that field, not the public and private.
- Cancel
- Up +2 Down
- Reply
- More
- Cancel
virenp over 2 years ago in reply to Will Ruck

Will Ruck Ah okay, I have added JWT. My key in the credentials is named appianprivatekey with both the public and private keys pasted as the values. Is this the correct way to do it? Because currently I'm getting "Appian JWTTools failed to generate JWT Token". Thanks!
- Cancel
- Up +1 Down
- Reply
- More
- Cancel