Version: ACE 4

JWT

The JWT step retrieves data from a JWT token, validates a JWT token, or signs data to be used as a JWT token.

This video demonstrates how a JWT token can be retrieved, validated and signed.

Parameters

caution

At the moment, ACE workspace variables do not support multi-line parameters. Therefore, a private key or public key stored in ACE workspace variables must first have its newline characters escaped.

Common

  • Target path - name of the node in the doc where the contents of the JWT token will be stored.
  • JSON path - path of the node in the doc from which the JWT token to be decoded will be loaded.

Retrieving

note

Please note that decoding a JWT token does not verify whether the token has a valid signature. You may want to validate the token before actually using the values encoded...

  • Mode - decode

Validating

  • Mode - verify
  • Algorithm - validation method, HS256 | RS256. Please refer to the JWT spec to understand the differences. Consult the party that generated the JWT token to understand which algorithm has to be used to verify the token.
  • Public key (RS256) - public key to validate the token. The best practice is to store the key in the Settings and reference it by variable name here. The key should not contain newlines. Use https://www.freeformatter.com/json-escape.html to escape the string before using it in the settings.
  • Salt (HS256) - secret used to sign the token

note

Please note that when the token is not valid, an error is thrown, which the next steps can then use to determine whether they should be executed. If you wish to stop execution of the flow and return an error, we recommend using the Catch step.
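The difference between the decode and verify modes described above, as an added example written with Node's built-in crypto module (this is not ACE's own code). The function names, the fixed clock value and the sample tokens are constructed for illustration; the secret is the sample one from this page's signing example.

```javascript
// Added example (not ACE code): HS256 JWT handling with Node's built-in crypto.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Sign a payload with HS256; expiresIn is in seconds.
function signHS256(payload, secret, expiresIn, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + expiresIn }));
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  return `${header}.${body}.${b64url(sig)}`;
}

// "decode" behaviour: parses the payload and checks nothing.
function decode(token) {
  return fromB64url(token.split('.')[1]);
}

// "verify" behaviour: pin the algorithm, compare the MAC in constant time, then check exp.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  if (fromB64url(header).alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = fromB64url(body);
  if (typeof claims.exp === 'number' && now >= claims.exp) throw new Error('token expired');
  return claims;
}

// Constructed sample: a token for a non-admin user, and a copy whose payload was edited.
const SECRET = 'token-password'; // sample secret from this page's signing example
const T0 = 1700000000;           // constructed fixed clock, in seconds
const good = signHS256({ userId: 123, role: 'user' }, SECRET, 60, T0);
const [h, , s] = good.split('.');
const editedBody = b64url(JSON.stringify({ userId: 123, role: 'admin', iat: T0, exp: T0 + 60 }));
const edited = `${h}.${editedBody}.${s}`;

// Returns the verified role, or the reason verification failed.
function outcome(token, now) {
  try { return verifyHS256(token, SECRET, now).role; } catch (e) { return e.message; }
}
```

Decoding the edited token still returns `role: "admin"`, while verification rejects it, which is why claims should only be trusted after the verify mode has succeeded.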

Signing

  • Mode - sign
  • Algorithm - validation method, HS256 | RS256. Please refer to the JWT spec and JWT Playground to understand the differences. The algorithm used should be present in the JWT header; otherwise, consult the signing party regarding the algorithm used.
  • Private key (RS256) - private key to sign the token. The best practice is to store the key in the Settings and reference it by variable name here. The key should not contain newlines. Use https://www.freeformatter.com/json-escape.html to escape the string before using it in the settings.
  • Salt (HS256) - secret to use when signing the token
  • Data - token payload in JSON format
  • Expires in - time in seconds for which the token should be valid

Examples

Variables in settings:

  "RSA_PRIVATE_KEY": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIEpAIBAAKCAQEAiHYUfiFmjfCcXYTZwNqIY3HjglgriqYCbR9lH6kHigk2dJTh\r\nsFCpfnhjx\/9ByzzZLpIPNdaDRhdS3XVIOk\/W1ivrPW7wg7kzYgrVxyAGyZdAc89R\r\n9eRbj180jLEKRKvyzRAPCcNmtQRdO7WQth4v67aurES0iIglTzj36r7etKaUPEZK\r\n7ETMU2\/H8TiODthvHkjKRvQaoFkZOTdL6DMTka+DBcdIx23WG8ibiSTYgpcDMgKF\r\nsS+sWXEvExkIJHOD9u2gOX33Zh8a19S4nCa1FbZK\/sLEw77bHyy5ePqDX5oZ+D3A\r\nk5Ir5G0sgjkdjiJ1bFA1pSz0HzDziK12XDTGkQIDAQABAoIBADfbbaP7dAkhtj+p\r\ng6CnUzCxi5jtElWcgl28fh4piEZ+YuXxkzgirF5yVRWmbH4OmC+x5bv55J4qKecw\r\nfLIxwBTGwXHSGW0xv9Cf8sWhXGXkHaPJ9xiZssjLBa2ZQkS9xZMewakTbNUnxioM\r\ntgF19dOcYX9uWB+S6wK0pPZXzr1O3i5IryxFUSpzKn9ijcWXk4jFnoqEcXASXUK+\r\n64aEGSqsKMVuLDuU14hF\/zM7MF2G1mIGIkJSMgT58Azo25SNTdJsQrkoo0CawpNb\r\nH4oqiLH6jgiOh93lQ+JuOSVwbvz4r3ljFQrXpfwOY2pc1g5u7RzzdFhNPeflnBrF\r\n4M8tJmkCgYEA5PEtWqWth1hWqUeRbHOLPNZJaX203VqF1XgjE\/+N1rzdZujbRXoB\r\nOt4R1TsuExOGrIUOVDcC0RzJxo5WJr2cksYpV6n86zNYt6kZKfeQ6aUD4HSHmqMl\r\nrDmpwWQ5YXRXQLiQGsLck7vZpSyNMbulJ7rNaO7z2P27Ncs1l\/MCDT8CgYEAmJbS\r\nf1qlQ8y8M0UxgzX6+4BPKfhNudxqVh+XR3M7cnmAN56oxrnXYblz5wZ214U\/00eV\r\nWjiv2\/N1rfbeF6ZPo2Ev4RAchJmNgABRhrDbUQ5fi3jDFzppLyDjEifdDRoVBNwG\r\nc1pLH\/8A5XC7qcDrxwFECFuWePcriPHXHJodqC8CgYEAqYN9zmlv9A\/PkuV\/4qom\r\nxXPwxWAjY+Zbw\/SBHJSS5BXRZRozCN1OPdUhpR19fvhtNh4KvwZAWq8TI6ZOWb75\r\nSJ\/bCqK9tzS8krhs\/mrk7GqXVUFTCoeUJFJJw\/y+k879r9k4MehoRCbJ\/wfev50t\r\nqx4ga3rKKLeuPyVoWErBEScCgYAzU8B44GfpF4xS\/rp59YV4Zh+68XBLzc3jLHs5\r\nqJRdnGs5yl\/hgQ\/nKnfHRZBiTMs8ab7ee2UEaq+yFfF9KQ9u2Lk\/TqkZHYHQhcrm\r\nsMUFTf1rr\/KH9Lj\/BmP7bndX+ecKHGz7Dmto1uFZTIODxYZKCa311cEW7aWySg9e\r\n6qSBNwKBgQC2YJ515t\/tiIwl\/w2IO43ucit1k7KN24IzHwaqbW+itwHlYKe0DlU0\r\nqIM\/hfgvp8UchAsF4C6ektbI7j8Uw0iFOMHOKYqCJiSGiB08PNwNlvPD0i\/rYagE\r\noQBwx2Cuq6S4\/Cj2ldWgRqc\/c2HHW7z9VVsKFH90PYAkJ6lBwuR9\/g==\r\n-----END RSA PRIVATE KEY-----",
"RSA_PUBLIC_KEY": "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHYUfiFmjfCcXYTZwNqI\r\nY3HjglgriqYCbR9lH6kHigk2dJThsFCpfnhjx\/9ByzzZLpIPNdaDRhdS3XVIOk\/W\r\n1ivrPW7wg7kzYgrVxyAGyZdAc89R9eRbj180jLEKRKvyzRAPCcNmtQRdO7WQth4v\r\n67aurES0iIglTzj36r7etKaUPEZK7ETMU2\/H8TiODthvHkjKRvQaoFkZOTdL6DMT\r\nka+DBcdIx23WG8ibiSTYgpcDMgKFsS+sWXEvExkIJHOD9u2gOX33Zh8a19S4nCa1\r\nFbZK\/sLEw77bHyy5ePqDX5oZ+D3Ak5Ir5G0sgjkdjiJ1bFA1pSz0HzDziK12XDTG\r\nkQIDAQAB\r\n-----END PUBLIC KEY-----"

Retrieving

Input doc:

{
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaGVsbG8iOiJ3b3JsZCIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.PR7ktuP9QgdNnRLpoe2-ocYEtIC2A3T46y2m7KpcVAor3eB-d-o3yrLaNhX2J18OXoVFgtwaz4BCVY2jcACCkCUstzog16lHVYDIuSbtTVcMPga8izZzSnw4BzhAr8MasuiVrFHMxTjSysHRrwJxB2UE-sS0uhtnVyZITKK8y2_1xiiBW-mkptHtlfU_EaOCG5IbDsjYYvhTLaPF-E_-K4VD4FZexRzizElI_HYVd8ZE3EF7pWONJoFKiFSVfFoheC-GGGBKQoASLXt13loIhjuqPhc6LXozqxJhl_SgBkTCxdEUHOfJGdmzKXYHVY1v0yc5_zYNmY3rr-qv99e4TA"
}

Step configuration:

{
"targetPath": "data",
"mode": "decode",
"token": "{{token}}"
}

Output doc:

{
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaGVsbG8iOiJ3b3JsZCIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.PR7ktuP9QgdNnRLpoe2-ocYEtIC2A3T46y2m7KpcVAor3eB-d-o3yrLaNhX2J18OXoVFgtwaz4BCVY2jcACCkCUstzog16lHVYDIuSbtTVcMPga8izZzSnw4BzhAr8MasuiVrFHMxTjSysHRrwJxB2UE-sS0uhtnVyZITKK8y2_1xiiBW-mkptHtlfU_EaOCG5IbDsjYYvhTLaPF-E_-K4VD4FZexRzizElI_HYVd8ZE3EF7pWONJoFKiFSVfFoheC-GGGBKQoASLXt13loIhjuqPhc6LXozqxJhl_SgBkTCxdEUHOfJGdmzKXYHVY1v0yc5_zYNmY3rr-qv99e4TA",
"data": {
"sub": "1234567890",
"hello": "world",
"admin": true,
"iat": 1516239022
}
}

Encoding

Input doc:

{
"secret": "token-password",
"data": {
"userId": 123,
"role": "admin"
}
}

Step configuration:

{
"targetPath": "token",
"secret": "{{secret}}",
"mode": "sign",
"json": "{{data}}",
"expiresIn": "60s"
}

Output doc:

{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqc29uIjp7InVzZXJJZCI6MTIzLCJyb2xlIjoiYWRtaW4ifSwiaWF0IjoxNjMzMDk1OTQ2LCJleHAiOjE2MzMwOTYwMDZ9.KOZuxd8Et_3i8kC7S1s8KcKp0Nfd56wstBADo7gwMjQ"
}