Digibee JWT (Generate and Decode)

Digibee JWT (Generate and Decode) generates and decodes JWT tokens for internal use in the Digibee Integration Platform.

In other words, the token generated by this component serves the communication that occurs between pipelines configured with REST Trigger or HTTP Trigger and its derivatives - once the JWT-type authentications are configured.

Parameters

Take a look at the configuration options for the component. Parameters supported by Double Braces expressions are marked with (DB).

Messages flow

Generate Operation

Input

The component can receive any object in the input and will repass the complete body for the token generation. You can provide the Scopes and/or Expiration dynamically via Double Braces along with any additional parameter in the input message.

Output

{
    "status": "logged"
}

The Authorization property will be placed with the token in the response header generated by the specifications above.

Example

Authorization: Bearer eyW4T.....

Decode Operation

For this operation, the component doesn't expect any input message structure, but only a JWT token in the request header during the execution.

Input

{
    "scopes": "SCOPE1,SCOPE2,...,...",
    "expiration": 1602790847,
    "randomProperty": "someValue",...
}

Header

Authorization: Bearer eyW4T.....

Output

{
    "body": {
        "dataToken": {
            "consumer_name": "digibee",
            "realm": "digibee",
            "parameter1": "parameter_value",
            "parameter2": "parameter_value",...
        }
    }
}

Error

{
    error: "error message",
    code: XXX,
    body: {},
    headers: {}
}

Digibee JWT (Generate and Decode) in Action

This component needs the pipeline implementation to work properly. Refer to article Digibee JWT (Generate and Decode) implementation to know more about its use and application.

Technology

To better understand how the JWT token is generated from this component, check the following example.

For all JWT it's necessary to inform the headers, because they have all the information of the algorithm to be used in the token cryptography. Therefore, the standard headers of the generated token are:

{  
    "alg": "HS256",  
    "typ": "JWT"
}

The JWT token is composed by a payload, which includes all the information that travels in the token. It is informed in the component input:

{  
    "scopes": [],  
    "consumer_name":"digibee",  
    "realm": "REALM",  
    "someRandomProperty": "someRandomValue",….
}

UUID is randomly generated alongside with the token creation, which must be signed. See how to identify the UUID:

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
 RANDOM_UUID

By the end of the execution, the token will be generated inside the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.jY3Sv72B0BlRCrxLauMXHJi5zLY3v2BmknciOEh3q2c

JWT placement and data input

The order in which Digibee JWT (Generate and Decode) is placed in the pipeline also affects the operation and determines what data will be inserted into the JWT token. This happens because the component adds any content from the previous step into the generated JWT token (including the data received at the pipeline input).

It is important to consider this behavior. Therefore, Digibee JWT (Generate and Decode) must not be put as the first component in a pipeline. Components such as JSON Transformer, Transformer (JOLT), or JSON Generator must be used before JWT to determine appropriate data input.

The following example indicates a recommendable data input on JWT:

{
"id": "d0c6392b-6f3d-49ac-a135-4649aaa74f22",
"number": 1,
"e-mail": "email@email.com"
}

For more information, refer to JWT documentation.