JWT (Deprecated)

Operation

"Generate JWS" creates JWS tokens. "Generate JWE" creates JWE tokens. "Verify JWS" verifies a JWS token signature and "Decode JWE" decrypts the JWS token and returns this token payload.

Generate JWS

String

Public Key

PUBLIC-KEY account type used to sign JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to encrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.

N/A

String

Private Key

PRIVATE-KEY account type used to verify JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to decrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.

N/A

String

Secret Key

SECRET-KEY account type used to sign JWS tokens with the following algorithms: HS256, HS384, and HS512. Also used to encrypt and decrypt JWE tokens with the following algorithms: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, and A256GCMKW.

N/A

String

Key as Base64

If enabled, the Secret Key account must be in base64 format; otherwise, it must contain the value of the key to be used.

False

Boolean

Key Charset

If the Key as Base64 property is enabled, the key charset must be informed.

UTF-8

String

JWS Algorithm

Algorithms used to sign and verify JWS tokens: HS256, HS384, HS512, RS256, RS384, RS512, PS256, PS384, and PS512.

HS256

String

JWE Algorithm

Algorithms used to encrypt and decrypt JWE tokens: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW, RSA1_5, RSA-OAEP, and RSA-OAEP-256.

RSA-OAEP

String

Encrypted Payload Algorithm

Algorithms used to encrypt and decrypt the payload of JWE tokens, namely: A128KW, A192KW, A256KW, and A256GCM.

A128KW

String

Issuer (iss)

A claim "iss" (issuer) identifies the main one that issued JWT. This claim processing is generally specific from the application. This claim is optional.

N/A

String

Expiration Time (exp)

A claim "exp" (expiration time) identifies the expiration time in which or after which JWT cannot be accepted for processing. The processing of the “exp” request demands the date / time to be previous to the expiration date / time listed in the “exp” request. This claim is optional.

N/A

Integer

Issued at (iat)

A claim "iat" (Issued at) identifies the time when JWT was issued. The statement can be used to determine the JWT age. Its value must be a number. This claim is optional.

N/A

Integer

Subject (sub)

A claim "sub" (subject) identifies the JWT subject. The statements in a JWT are usually about the subject. The subject value must locally exclusive in the issuer context or globally exclusive. The processing of this claim is generally specific from the application. This claim is optional.

N/A

String

Token Id (jti)

The claim "jti" (JWT ID) provides an exclusive identifier for JWT. The identifier value must be given to minimize the chances of the same value to be accidentally assigned to an object of different data. If the application uses multiple issuers, the collisions MUST be also avoided between the values produced by different issuers. The claim “jti” can be used to avoid JWT to be repeated. This claim is optional.

N/A

String

Audience (aud)

Single value. The claim "aud" (public) identifies the JWT recipients. Each principal that intends to process JWT MUST identify itself with a value inside the claim reivindication. If the one responsible for the claim processing doesn’t identify itself with a value in the claim “aud” when this claim is present, JWT MUST be declined. This claim is optional.

N/A

String

Not Before (nbf)

The claim "nbf" (not before) identifies the time before which JWT CAN’T be accepted for processing. The “nbf” complaint processing demands the current date / time to be previous or equal to the date / time listed in the “nbf” complaint. The implementers CAN predict a small safety margin - generally no more than a few minutes - to compensate the distortion in the timer. Its value must be a number. This claim is optional.

N/A

Integer

Custom Claims

To specify custom claims, just inform the key (name of the claim) and the claim value.

N/A

Key-value

Custom Headers

To specify custom headers, just inform the header key and value in the respective fields.

N/A

Key-value

JWE

Field to inform the JWE token.

N/A

String

JWS

Field to inform the JWS token.

N/A

String

Payload Charset

Charset of the payload used in the creation of JWE tokens.

UTF-8

String

Payload

Payload to be used in the JWE token creation.

N/A

String

Use JWK

If enabled, a JWK is expected to verify the JWT token. This option is only available if Verify JWS is selected in the Operation parameter. Use JWK also disables all account options (Secret Key, Private Key, and Public Key parameters) as well as the Key Charset, Key as Base64, and JWS Algorithm parameters.

False

Boolean

JWK

JWK which is used to verify the JWS token.

N/A

String

Fail On Error

If the option is enabled, the execution of the pipeline with an error is suspended; otherwise, the pipeline execution proceeds, but the

False

Boolean