JWT (Deprecated)
Discover more about the JWT component and how to use it on the Digibee Integration Platform.
Last updated
Was this helpful?
Discover more about the JWT component and how to use it on the Digibee Integration Platform.
Last updated
Was this helpful?
JWT creates JWS and JWE as well as JWS verification and JWE decodification.
Take a look at the configuration parameters of the component. Parameters supported by are marked with (DB).
Operation
"Generate JWS" creates JWS tokens. "Generate JWE" creates JWE tokens. "Verify JWS" verifies a JWS token signature and "Decode JWE" decrypts the JWS token and returns this token payload.
Generate JWS
String
Public Key
PUBLIC-KEY account type used to sign JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to encrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.
N/A
String
Private Key
PRIVATE-KEY account type used to verify JWS tokens with the following algorithms: RS256, RS384, RS512, PS256, PS384, and PS512. Also used to decrypt JWE tokens with the following algorithms: RSA1_5, RSA-OAEP, and RSA-OAEP-256. The public key must be an RSA-type one and derived from a private key of at least 2048 bits.
N/A
String
Secret Key
SECRET-KEY account type used to sign JWS tokens with the following algorithms: HS256, HS384, and HS512. Also used to encrypt and decrypt JWE tokens with the following algorithms: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, and A256GCMKW.
N/A
String
Key as Base64
If enabled, the Secret Key account must be in base64 format; otherwise, it must contain the value of the key to be used.
False
Boolean
Key Charset
If the Key as Base64 property is enabled, the key charset must be informed.
UTF-8
String
JWS Algorithm
Algorithms used to sign and verify JWS tokens: HS256, HS384, HS512, RS256, RS384, RS512, PS256, PS384, and PS512.
HS256
String
JWE Algorithm
Algorithms used to encrypt and decrypt JWE tokens: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW, RSA1_5, RSA-OAEP, and RSA-OAEP-256.
RSA-OAEP
String
Encrypted Payload Algorithm
Algorithms used to encrypt and decrypt the payload of JWE tokens, namely: A128KW, A192KW, A256KW, and A256GCM.
A128KW
String
Issuer (iss)
A claim "iss" (issuer) identifies the main one that issued JWT. This claim processing is generally specific from the application. This claim is optional.
N/A
String
Expiration Time (exp)
A claim "exp" (expiration time) identifies the expiration time in which or after which JWT cannot be accepted for processing. The processing of the “exp” request demands the date / time to be previous to the expiration date / time listed in the “exp” request. This claim is optional.
N/A
Integer
Issued at (iat)
A claim "iat" (Issued at) identifies the time when JWT was issued. The statement can be used to determine the JWT age. Its value must be a number. This claim is optional.
N/A
Integer
Subject (sub)
A claim "sub" (subject) identifies the JWT subject. The statements in a JWT are usually about the subject. The subject value must locally exclusive in the issuer context or globally exclusive. The processing of this claim is generally specific from the application. This claim is optional.
N/A
String
Token Id (jti)
The claim "jti" (JWT ID) provides an exclusive identifier for JWT. The identifier value must be given to minimize the chances of the same value to be accidentally assigned to an object of different data. If the application uses multiple issuers, the collisions MUST be also avoided between the values produced by different issuers. The claim “jti” can be used to avoid JWT to be repeated. This claim is optional.
N/A
String
Audience (aud)
Single value. The claim "aud" (public) identifies the JWT recipients. Each principal that intends to process JWT MUST identify itself with a value inside the claim reivindication. If the one responsible for the claim processing doesn’t identify itself with a value in the claim “aud” when this claim is present, JWT MUST be declined. This claim is optional.
N/A
String
Not Before (nbf)
The claim "nbf" (not before) identifies the time before which JWT CAN’T be accepted for processing. The “nbf” complaint processing demands the current date / time to be previous or equal to the date / time listed in the “nbf” complaint. The implementers CAN predict a small safety margin - generally no more than a few minutes - to compensate the distortion in the timer. Its value must be a number. This claim is optional.
N/A
Integer
Custom Claims
To specify custom claims, just inform the key (name of the claim) and the claim value.
N/A
Key-value
Custom Headers
To specify custom headers, just inform the header key and value in the respective fields.
N/A
Key-value
JWE
Field to inform the JWE token.
N/A
String
JWS
Field to inform the JWS token.
N/A
String
Payload Charset
Charset of the payload used in the creation of JWE tokens.
UTF-8
String
Payload
Payload to be used in the JWE token creation.
N/A
String
Use JWK
If enabled, a JWK is expected to verify the JWT token. This option is only available if Verify JWS is selected in the Operation parameter. Use JWK also disables all account options (Secret Key, Private Key, and Public Key parameters) as well as the Key Charset, Key as Base64, and JWS Algorithm parameters.
False
Boolean
JWK
JWK which is used to verify the JWS token.
N/A
String
Fail On Error
If the option is enabled, the execution of the pipeline with an error is suspended; otherwise, the pipeline execution proceeds, but the
False
Boolean
No specific input message is expected. All it takes is to fill the required fields of each operation.
For the "Generate JWS" operations:
For the “Generate JWE" operations:
For the “Verify JWS" operations:
For the “Decode JWE" operations: