Integrations
Table of contents

JSON web token

This family groups a set of actions related to JSON Web Tokens, the standard RFC 7519 method for representing claims securely between two parties.

Sign JSON web token

This action generates a JSON web token that can be created with both symmetric and asymmetric algorithms.

Input settings

Parameter Description
ID (required) Flow action ID. It can be used to reference output property values of this action.
Alias Short description of the action that will be displayed in the flow overview.
Secret or private key (required) String containing either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA to create the JSON web token.
Algorithm (required) List of symmetric and asymmetric algorithms that can be used to encode the data.
Payload Data to encode. We recommend to format it according to OpenID standards.
Subject Use it to identify the principal that is the subject of the JWT.
Issuer Use it for the principal that issued the JSON web token (eg. sso.arengu.com).
Audience Use it to provide the recipients that the JWT is intended for (eg. admin.arengu.com).
Expires in Validity time. The time it takes for the JWT to expire.

Output object

Property Type Description
token String JSON web token generated from the selected algorithm.

Output object example

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NSIsIm5hbWUiOiJKYW5lIERvZSIsImZhbWlseV9uYW1lIjoiRG9lIiwiZ2l2ZW5fbmFtZSI6IkphbmUiLCJpYXQiOjE2MDU3OTc1MzcsImV4cCI6MTYwNTc5NzgzN30.nc0VzOokhh6XCF0gIEXEC-s2nq6ZbWaHikmjvQMyoyc"
}

Verify JSON web token

This action verifies the JSON web token data, to check if it remains intact or has been modified, in order to guarantee its authenticity.

Input settings

Parameter Description
ID (required) Flow action ID. It can be used to reference output property values of this action.
Alias Short description of the action that will be displayed in the flow overview.
Token (required) JSON web token string that will be verified.
Secret or public key (required) String containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA to verify the JSON web token.
Issuer Use it for the principal that issued the JSON web token (eg. sso.arengu.com).
Audience Use it to provide the recipients that the JWT is intended for (eg. admin.arengu.com).

Output object

Property Type Description
valid Boolean This property indicates whether the JWT has remained unchanged:
  • TRUE: If it corresponds exactly to the source encoded data.
  • FALSE: If the source encoded data has been modified.
header String It includes the algorithm with which the data has been encoded and the type of token generated (JWT).
payload String The properties that the user has defined in the payload field of the Sign JWT action, automatically including 'iat' (issued at) and 'exp' (expires at).
signature String The hash generated from the payload and the private key that guarantees that the components have not been modified.

Output object example

{
  "valid": true,
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "payload": {
    "sub": "12345",
    "name": "Jane Doe",
    "family_name": "Doe",
    "given_name": "Jane",
    "iat": 1605798012,
    "exp": 1605798312
  },
  "signature": "0zdubCQp_6zBhA5Mg8lkr-zj2Zk9SRTj5z_dWtridC0"
}