This adapter generates, verifies, and processes JSON WebTokens.
Name of the adapter up to version 5.5.4: JSON WebToken
Properties
Operation executed by the adapter Possible values:
Parameters
The following parameters are required for the above operations:
| | CreateJWT | Verify | CreateXML |
|---|---|---|---|
| algorithm | required | required | required |
| useServerSecret | | required if | |
| useSecretAsPublicKey | | required if | |
| secret | | required if | |
| keystoreUrl | required | | required |
| keystoreType | required | | required |
| keystorePassword | required | | required |
| keyAlias | required | | required |
| keyPassword | required | | required |
| Parameter | Description |
|---|---|
| algorithm | Algorithm used for the operation Possible values: |
| useServerSecret | Only relevant for HMAC algorithms. Specifies whether to use an embedded server secret or a custom server secret. Possible values: |
| useSecretAsPublicKey | Only relevant for RSA and ECDSA algorithms. Specifies whether the value of the Possible values: |
| secret | Only relevant for HMAC algorithms. Password used to encrypt or decrypt a token. Possible values: Base64 encrypted password |
| keystoreUrl | URL to the keystore containing the RSA/ECDSA key pair. Possible values: URL to a keystore. The keystore must be supported by the Java Security API, such as JKS or PKCS#12. |
| keystoreType | Type of keystore containing the RSA/ECDSA key pair. Possible values: Type of keystore, such as |
| keystorePassword | Password of the keystore containing the RSA/ECDSA key pair. Possible values: Password |
| keyAlias | Alias of the asymmetric key used for RSA/ECDSA algorithms. Possible values: Alias of the key used |
| keyPassword | Password of the asymmetric key used for RSA/ECDSA algorithms. Possible values: Password of the key used |
Status values
The adapter operation was successful.
An error occurred while running the adapter:
The token has expired. This status value is returned only by the
Input
Depending on the operation, the adapter expects different inputs:
- CreateJWT operation: An XML document is expected which has the following format:
  - The header types type (parameter: keystoretype) and alg (parameter: algorithm) are set by the adapter.
  - Do not use claims with duplicated names.
The Header element is optional and can be declared as needed. For example, Microsoft Azure expects a header declaration.
Sample input
```xml
<?xml version="1.0" encoding="UTF-8"?>
<TokenContent>
  <Headers>
    <Header name="x5t">hOBcHZi846VCHSJbFAs26Go9VTQ=</Header>
    <Header name="kid">vdgdINF455FBKWDSEF5gdrgddgg=</Header>
  </Headers>
  <Subject name="sub" type="String">1234567890</Subject>
  <ExpiresAt name="exp" type="Integer">1577750400</ExpiresAt>
  <NotBefore name="nbf" type="Integer">946684800</NotBefore>
  <Id name="jti" type="String">007</Id>
  <Claims>
    <Claim name="name" type="String">John Doe</Claim>
    <Claim name="admin" type="boolean">true</Claim>
  </Claims>
</TokenContent>
```
For additional information about the claims that are being used and their XML objects, see iana.org. For unreserved claims, the names can be assigned as desired, but they cannot be the same as reserved claim names such as exp.
The values String, Boolean, Integer, Long, and Double are available as types.
The ExpiresAt, NotBefore, and IssuedAt elements are expected to be in Unix time format.
- Verify and CreateXML operations: A JSON WebToken is expected that can come from an intermediate step or be passed as a text file (.txt).
Output
Depending on the operation, the adapter returns different results:
- CreateJWT operation: There is a JSON WebToken in the output.
- Verify operation: If the JWT is valid, it will be returned.
- CreateXML operation: The output contains the XML document for the JSON WebToken.
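The CreateJWT input mapping and the Verify checks described above, as an added Python example that is not the adapter's own code. It assumes HS256 with a constructed secret, the standard `typ`/`alg` JWT header names, and hypothetical helper names (`xml_to_jwt`, `verify`); the XML input is constructed in the page's format.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET

# Type names from the page, matched case-insensitively (the sample uses "boolean").
CASTS = {"string": str, "integer": int, "long": int, "double": float,
         "boolean": lambda v: v.strip().lower() == "true"}
DEMO_SECRET = b"constructed-demo-secret"  # constructed; never hard-code real keys
SAMPLE_XML = """<TokenContent>
  <Headers><Header name="kid">constructed-key-id</Header></Headers>
  <Subject name="sub" type="String">1234567890</Subject>
  <ExpiresAt name="exp" type="Integer">1577750400</ExpiresAt>
  <NotBefore name="nbf" type="Integer">946684800</NotBefore>
  <Claims><Claim name="admin" type="boolean">true</Claim></Claims>
</TokenContent>"""  # constructed input in the page's format

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def xml_to_jwt(xml_text: str, secret: bytes) -> str:
    root = ET.fromstring(xml_text)
    header = {h.get("name"): h.text for h in root.iter("Header")}
    header.update(typ="JWT", alg="HS256")  # signer-controlled, never from input
    claims = {}
    for el in root.iter():
        if el.tag in ("TokenContent", "Headers", "Header", "Claims"):
            continue
        name = el.get("name")
        if name in claims:  # the page forbids duplicated claim names
            raise ValueError(f"duplicate claim name: {name}")
        claims[name] = CASTS[el.get("type").lower()](el.text)
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + b64url(sign(signing_input, secret))

def verify(token: str, secret: bytes, now: int) -> dict:
    head, body, sig = token.split(".")
    if json.loads(unb64url(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(f"{head}.{body}", secret), unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body))  # parsed only after the signature check
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims
```

Passing `now` explicitly keeps the expiry check testable; a caller would supply `int(time.time())`.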