JWT (Deprecated)

Discover more about the JWT component and how to use it on the Digibee Integration Platform.

The JWT component is deprecated and no longer updated. Please refer to the document with the most recent version of the feature: JWT V2.

The JWT component creates JWS and JWE tokens, verifies JWS tokens, and decodes JWE tokens.

Parameters

Take a look at the configuration parameters of the component. Parameters that support Double Braces expressions are marked with (DB).

Parameter | Description | Default value | Data type

Operation

"Generate JWS" creates JWS tokens. "Generate JWE" creates JWE tokens. "Verify JWS" verifies a JWS token signature and "Decode JWE" decrypts the JWS token and returns this token payload.

Generate JWS

String

Public Key

PUBLIC-KEY account type used to sign JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to encrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.

N/A

String

Private Key

PRIVATE-KEY account type used to verify JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to decrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.

N/A

String

Secret Key

SECRET-KEY account type used to sign JWS tokens with the following algorithms: HS256, HS384, and HS512. Also used to encrypt and decrypt JWE tokens with the following algorithms: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, and A256GCMKW.

N/A

String

Key as Base64

If enabled, the Secret Key account must be in base64 format; otherwise, it must contain the value of the key to be used.

False

Boolean

Key Charset

If the Key as Base64 property is enabled, the key charset must be specified.

UTF-8

String

JWS Algorithm

Algorithms used to sign and verify JWS tokens: HS256, HS384, HS512, RS256, RS384, RS512, PS256, PS384, and PS512.

HS256

String

JWE Algorithm

Algorithms used to encrypt and decrypt JWE tokens: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW, RSA1_5, RSA-OAEP, and RSA-OAEP-256.

RSA-OAEP

String

Encrypted Payload Algorithm

Algorithms used to encrypt and decrypt the payload of JWE tokens, namely: A128KW, A192KW, A256KW, and A256GCM.

A128KW

String

Issuer (iss)

The "iss" (issuer) claim identifies the principal that issued the JWT. The processing of this claim is generally application-specific. This claim is optional.

N/A

String

Expiration Time (exp)

The "exp" (expiration time) claim identifies the expiration time on or after which the JWT cannot be accepted for processing. Processing the "exp" claim requires the current date/time to be before the expiration date/time listed in the "exp" claim. This claim is optional.

N/A

Integer

Issued at (iat)

The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value must be a number. This claim is optional.

N/A

Integer

Subject (sub)

The "sub" (subject) claim identifies the subject of the JWT. The claims in a JWT are usually statements about the subject. The subject value must be locally unique in the context of the issuer or globally unique. The processing of this claim is generally application-specific. This claim is optional.

N/A

String

Token Id (jti)

The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value must be assigned in a way that minimizes the chance of the same value being accidentally assigned to a different data object. If the application uses multiple issuers, collisions MUST also be avoided among values produced by different issuers. The "jti" claim can be used to prevent the JWT from being replayed. This claim is optional.

N/A

String

Audience (aud)

Single value. The "aud" (audience) claim identifies the recipients of the JWT. Each principal that intends to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, the JWT MUST be rejected. This claim is optional.

N/A

String

Not Before (nbf)

The "nbf" (not before) claim identifies the time before which the JWT CAN'T be accepted for processing. Processing the "nbf" claim requires the current date/time to be after or equal to the date/time listed in the "nbf" claim. Implementers CAN allow a small leeway, generally no more than a few minutes, to compensate for clock skew. Its value must be a number. This claim is optional.

N/A

Integer

Custom Claims

To specify custom claims, provide the key (name of the claim) and the claim value.

N/A

Key-value

Custom Headers

To specify custom headers, provide the header key and value in the respective fields.

N/A

Key-value

JWE

Field in which to provide the JWE token.

N/A

String

JWS

Field in which to provide the JWS token.

N/A

String

Payload Charset

Charset of the payload used in the creation of JWE tokens.

UTF-8

String

Payload

Payload to be used in the JWE token creation.

N/A

String

Use JWK

If enabled, a JWK is expected to verify the JWT token. This option is only available if Verify JWS is selected in the Operation parameter. Use JWK also disables all account options (Secret Key, Private Key, and Public Key parameters) as well as the Key Charset, Key as Base64, and JWS Algorithm parameters.

False

Boolean

JWK

JWK which is used to verify the JWS token.

N/A

String

Fail On Error

If the option is enabled, the execution of the pipeline with an error is suspended; otherwise, the pipeline execution proceeds, but the

False

Boolean

Messages flow

Input

No specific input message is expected. Just fill in the required fields for each operation.

Output

For the "Generate JWS" operations:

{
    "success": true,
    "jws": "<JWS TOKEN>"
}

For the "Generate JWE" operations:

{    
    "success": true,    
    "jwe": "<JWE TOKEN>"
}

For the "Verify JWS" operations:

{
    "success": true,
    "verified": true,
    "claims": {"subject": ".....", "issuedAt": 11111111}
}

For the "Decode JWE" operations:

{    
    "success": true,    
    "payload": "<DECRYPTED PAYLOAD>"
}
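
The following is an added example, not code from Digibee or from the JWT component: a standard-library Python illustration of generating and verifying an HS256 JWS (the default JWS Algorithm), including the exp, nbf and aud checks described in the parameter table. The function names, the 60-second leeway, the base64 key handling and the sample key and claims are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_secret(value: str, key_as_base64: bool) -> bytes:
    # Assumption: with "Key as Base64" on, the stored value is base64 of the raw
    # key bytes; otherwise the stored characters themselves are the key.
    return base64.b64decode(value) if key_as_base64 else value.encode("utf-8")

def generate_jws(claims: dict, key: bytes) -> str:
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify_jws(token: str, key: bytes, audience: str, now: int, leeway: int = 60):
    """Return (verified, claims_or_reason). `now` is Unix time in seconds."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm on the verifier side; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False, "unexpected alg"
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False, "bad signature"
        claims = json.loads(b64url_decode(body))
        # Registered claims are optional, but when present they must hold.
        if "exp" in claims and now - leeway >= claims["exp"]:
            return False, "expired"
        if "nbf" in claims and now + leeway < claims["nbf"]:
            return False, "not yet valid"
        aud = claims.get("aud")
        if aud is not None and audience not in ([aud] if isinstance(aud, str) else aud):
            return False, "wrong audience"
        return True, claims
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"

# Constructed sample values, not taken from the platform.
KEY = load_secret(base64.b64encode(b"constructed-demo-secret-32-bytes").decode(), True)
NOW = 1_700_000_000
TOKEN = generate_jws({"iss": "demo-issuer", "sub": "user-1", "aud": "billing-api",
                      "iat": NOW, "nbf": NOW, "exp": NOW + 300}, KEY)
```

The signature is checked before any claim is read, and a token whose header names a different algorithm is rejected before any MAC is computed.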
