This document describes how to issue and verify JWT tokens n a block coding method.
Index
About JWT
JWT Block
•
Issue and verify JWT through blocks in Authorization > JWT Block category.
1) JWT Token Issuance Blockset
•
Issue and return the JWT token.
No. | Function |
1 | Specify the Hash algorithm of Jwt Token. |
2 | Register Secret Key or Certificate for Jwt issuance. |
3 | Register Jwt's information (claim). |
2) JWT Token Verification Blockset
•
Returns information by verifying the JWT token.
No. | Function |
1 | Specify the Hash algorithm of Jwt Token. |
2 | Register a Secret Key or certificate for Jwt verification. |
3 | Register Jwt's information (claim). |
JWT Setting Block
1) JWK
•
JWK is a standard for JSON object containing various information for expressing encryption key with Jason Web Key.
No. | Function |
1 | Register certificate information for JWT issuance. |
2 | Register the JWT encryption key. |
2) Header
•
Specify the algorithm type of the token through the Jwt Header block.
•
Click the button to add or delete algorithm types
button to add or delete algorithm types•
The supported types include HS256, HS384, HS512, RS256, RS384, and RS512.
3) Payload
•
Payload contains Jwt's information(claim).
•
Claim is specified to contain information about tokens. All are optionally available (optional) but are recommended to be used as much as possible.
•
If a separate claim is added, add it to the add claim in the form of HashMap.
Menu | Content | Data Type | Default |
issuer | JWT issuer | string | - |
subject | JWT Title | string | - |
audience | JWT target | string(ArrayList) | - |
experation | Enter JWT expiration time in Unix Timestamp format | integer | - |
not before | The Token is not processed until it is entered in Unix Timestamp format | integer | null |
jwtid | JWT unique identifier used for purpose of preventing duplication
Used for one-time tokens | string | - |
Example of JWT Token Block
1) JWT Token Issuance
2) JWT Token Verification
•
The issued token is checked whether the token is valid with the verification API as shown below.
No. | Function |
1 | Configure the block to put the token in the request data. |
2 | Extract token information from request data using Fetch and Get HashMap Variable blocks. |
3 | Put the extracted token in a variable and proceed with verification with the Jwt token Verify block. |
4 | Token information is returned if the entered token passes the verification. |
5 | An 'Unsupported input' exception message is returned if the token is incorrectly entered or not entered. |
6 | An 'The token expired' exception message is returned if an expired token has been entered. |
The token's verification results and information also can be checked with the issued JWT token and Secret Key at jwt.io .
