This adapter generates, verifies and processes JSON WebTokens.
Former name of the adapter until version 5.5.4: JSON WebToken
Properties
|
|
Defines the operation executed by the adapter Possible values:
|
Parameters
The following parameters are required for the above operations:
|
|
CreateJWT |
Verify |
CreateXML |
|---|---|---|---|
|
algorithm |
required |
required |
required |
|
useServerSecret |
|
required if |
|
|
useSecretAsPublicKey |
|
required if |
|
|
secret |
|
required if |
|
|
keystoreUrl |
required |
|
required |
|
keystoreType |
required |
|
required |
|
keystorePassword |
required |
|
required |
|
keyAlias |
required |
|
required |
|
keyPassword |
required |
|
required |
|
|
Adapter main class (do not change!) Possible values: de.softproject.integration.adapter.json.webtokenJSONWebTokenAdapter: Main class (default) |
|
|
Algorithm used for the operation Possible values:
|
|
|
Only relevant for HMAC algorithms. Specifies if an integrated server secret or a custom server secret is used. Possible values:
|
|
|
Only relevant for RSA and ECDSA algorithms. Determines if the value of the parameter Possible values:
|
|
|
Only relevant for HMAC algorithms. Password used to encrypt or decrypt a token. Possible values: Base64 encoded password |
|
|
URL to the keystore that contains the RSA/ECDSA key pair Possible values: URL to a keystore The keystore must be supported by the Java Security API, e.g. JKS or PKCS#12.
|
|
|
Type of the keystore that contains the RSA/ECDSA key pair Possible values: Type of the keystore, e.g. |
|
|
Password of the keystore that contains the RSA/ECDSA key pair Possible values: Password |
|
|
Alias of the asymmetric key used for RSA/ECDSA algorithms Possible values: Alias of the used key |
|
|
Password of the asymmetric key used for RSA/ECDSA algorithms Possible values: Password of the used key |
Status values
|
|
The adapter operation was executed successfully:
|
|
|
An error occurred during the execution of the adapter:
|
|
|
The token is expired. This status value is only output by the operations
|
Input
The adapter expects different inputs depending on the operation:
-
Operation
CreateJWT: An XML document with the following format is expected:-
The Header types
typ(parameter:keystoretype) andalg(parameter:algorithm) is set by the adapter. -
Do not use claims with duplicated names.
The Header element is optional and can be declared when needed. For example, Microsoft Azure expects a header declaration.
XML<?xml version="1.0" encoding="UTF-8"> <TokenContent> <Headers> <Header name="x5t">hOBcHZi846VCHSJbFAs26Go9VTQ=</Header> <Header name="kid">vdgdINF455FBKWDSEF5gdrgddgg=</Header> </Headers> <Subject name="sub" type="String">1234567890</Subject> <ExpiresAt name="exp" type="Integer">1577750400</ExpiresAt> <NotBefore name="nbf" type="Integer">946684800</NotBefore> <Id name="jti" type="String">007</Id> <Claims> <Claim name="name" type="String">John Doe</Claim> <Claim name="admin" type="boolean">true</Claim> </Claims> </TokenContent>
For additional information on the claims to be used and their XML objects, see iana.org. For non-reserved claims, the names can be arbitrary, but they must not be the same as already reserved claims such as
bsp.orexp.
The values
String,Boolean,Integer,LongandDoubleare available astype.
The elements
ExpiresAt,NotBeforeandIssuedAtexpect information in Unix time format.
-
-
Operations
VerifyandCreateXML: A JSON WebToken is expected, which can be taken from an intermediate step or passed as a text file (.txt).
Output
The adapter outputs different results depending on the operation:
-
Operation
CreateJWT: A JSON WebToken is stored in the output -
Operation
Verify: If the JWT is valid, it is output -
Operation
CreateXML: The XML document for the JSON WebToken is stored in the output