Use this policy when you want to generate a JWT token to be sent in the response.
JWT (JSON Web Token) token generation refers to the process of creating a JWT, which is a compact, digitally signed, and self-contained token that securely represents claims between two parties. JWT tokens are commonly used for authentication and authorization purposes in web applications and APIs.
The process of JWT token generation typically involves the following steps:
Once a JWT token is generated, it can be used by clients to authenticate with an application or API. The receiving party can validate the token's signature, verify the claims, and make authorization decisions based on the information contained within the token.
It's worth noting that the specific implementation and libraries used for JWT token generation may vary depending on the programming language or framework being used.
To learn about the parts of a JWT and how they are encrypted and signed, refer to RFC 7519.
The configuration fields for the policy are:
[* Indicates a mandatory field]
Name *: Display name of the policy
Description: Description of policy
Enabled: Flag to indicate if the policy is enabled. If this field is not checked, the policy will be ignored at runtime and any fields from its output will contain a default initial value.
Continue on Error: Flag to indicate that the flow should continue even if this policy throws an error
Algorithm: Specifies the algorithm to be used for token signature
Expires In: The time duration for which the claim will remain valid. This field specifies after what time the token will expire or become invalid.
Expiry Unit: Specifies the unit of time. The possible values are seconds, minutes and hours.
Subject: The "sub" (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. The "sub" value is a case-sensitive string containing a StringOrURI value. Use of this claim is OPTIONAL.
Issuer: This value identifies the principal that issued the JWT. The processing of this claim is generally application specific. This value is a case-sensitive string containing a StringOrURI value.
secretKey: The key used to sign the token
claims: A set of name-value pairs that denote additional claims. This value
isValid: Returns a boolean true if the API key is valid and access is allowed to the request
blockedAddress: IP address that is blocked for any request
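
The following Python example is added here for illustration and is not the policy's own implementation: it maps the Subject, Issuer, Expires In, Expiry Unit, secretKey and claims fields onto token generation, and shows the signature, issuer and expiry checks a receiving party would run. It assumes the HS256 algorithm; the function names, the "iat" claim and the sample values are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600}  # Expiry Unit values

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def generate_jwt(secret_key, subject, issuer, expires_in, expiry_unit, claims=None, now=None):
    """Build an HS256-signed JWT from policy-style inputs (HS256 is an assumption)."""
    issued_at = int(time.time() if now is None else now)
    payload = dict(claims or {})
    # Registered claims are written last so additional claims cannot override them.
    payload.update({"sub": subject, "iss": issuer, "iat": issued_at,
                    "exp": issued_at + expires_in * UNIT_SECONDS[expiry_unit]})
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    signature = hmac.new(secret_key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)

def verify_jwt(token, secret_key, expected_issuer, now=None):
    """Return the claims if algorithm, signature, issuer and expiry all check out."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(signature_b64)
    except (ValueError, TypeError):
        raise ValueError("malformed token") from None
    # Pin the algorithm on the verifier side instead of trusting the token's "alg".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret_key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("iss") != expected_issuer:
        raise ValueError("unexpected issuer")
    if int(time.time() if now is None else now) >= payload.get("exp", 0):
        raise ValueError("token expired")
    return payload

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample key, not a real secret
    token = generate_jwt(secret, "user-42", "gateway.example", 15, "minutes", {"role": "reader"})
    print(token)
    print(verify_jwt(token, secret, "gateway.example"))
```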