GenerateJWTTokenValve
Generates a JSON Web Token, JWT. Typically used in OpenID Connect scenarios.
Properties
Claim
The claims included in the token are controlled by the claims (or tokenattributes) configuration property, which contains an array of claim objects. A claim object has a name (the claim name), a value (the claim value, supports property expansion) and a type (the target type of the claim value).
The claim value must expand to a string, but that string may contain any string-encoded JSON. When the value is added to the claim, it is converted to the configured type.
Supported types:
- string (default)
- object
- array
- number (double value)
- integer/int
- boolean/bool
- null
Example claim - array of strings:
{ "name": "roles", "value": "[\"admin\",\"manager\",\"user\"]", "type": "array" }
Example claim - objects:
{ "name": "keys", "value": "{ \"key_1\": \"value_1\", \"key_2\": \"value_2\", \"key_3\": \"value_3\" }", "type": "object" }
Example Configuration
{
  "name": "GenerateJWTTokenVavle",
  "enabled": "true",
  "config": {
    "subjectattribute": "{{session.user_id}}",
    "keystore": "d2c3094d-f538-4abc-9211-cd26c46606d3",
    "expire_seconds": "600",
    "jwt_token_property_name": "id_token",
    "tokenattributes": [
      {
        "name": "displayName",
        "value": "{{item.displayName}}"
      }
    ]
  }
}
Requirements
General information
Token TTL is 90 seconds by default.
Attributes always added to the payload are:
- sub - the user identifier
- iat - Issued at
- nbf - Not before
- exp - Expiration
- jti - Token identifier
The signing algorithm is RS256.
Dates are formatted according to:
Value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds.
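The claim typing and the always-added attributes described above, modelled as an added Python sketch (not the product's code). The function names, the strict type check, the refusal to overwrite the built-in attributes, `nbf` equal to `iat` and a UUID `jti` are all assumptions of the sketch.

```python
import json, time, uuid

# Type names from the "Supported types" list, mapped to the Python type the
# decoded value must have (mapping and strictness are assumptions of this sketch).
TYPES = {"string": str, "object": dict, "array": list, "number": float,
         "integer": int, "int": int, "boolean": bool, "bool": bool,
         "null": type(None)}
RESERVED = {"sub", "iat", "nbf", "exp", "jti"}   # attributes always added

def convert_claim(value, type_name="string"):
    """Convert an already-expanded string value to the configured claim type."""
    if type_name not in TYPES:
        raise ValueError(f"unsupported claim type: {type_name}")
    if type_name == "string":
        return value                              # default type: used as-is
    parsed = json.loads(value)                    # value is string-encoded JSON
    if type_name == "number" and isinstance(parsed, int) and not isinstance(parsed, bool):
        parsed = float(parsed)                    # "number" is a double value
    # bool is a subclass of int in Python, so true/false must not pass as integer
    if not isinstance(parsed, TYPES[type_name]) or (
            type_name in ("integer", "int") and isinstance(parsed, bool)):
        raise ValueError(f"value is not a JSON {type_name}: {value!r}")
    return parsed

def build_payload(subject, claims, expire_seconds=90, now=None):
    """Payload with the always-added attributes plus the configured claims."""
    now = int(time.time()) if now is None else now   # seconds since 1970-01-01T00:00:00Z
    payload = {"sub": subject, "iat": now, "nbf": now,
               "exp": now + expire_seconds, "jti": str(uuid.uuid4())}
    for c in claims:
        if c["name"] in RESERVED:                 # sketch's choice, not documented behaviour
            raise ValueError(f"claim would overwrite {c['name']}")
        payload[c["name"]] = convert_claim(c["value"], c.get("type", "string"))
    return payload

# Constructed sample: the claim examples from this page after property expansion.
SAMPLE_CLAIMS = [
    {"name": "roles", "value": '["admin","manager","user"]', "type": "array"},
    {"name": "keys", "value": '{"key_1": "value_1", "key_2": "value_2"}', "type": "object"},
    {"name": "displayName", "value": "Alice Example"},
]

if __name__ == "__main__":
    print(json.dumps(build_payload("alice", SAMPLE_CLAIMS, now=1700000000), indent=2))
```

A consumer that makes authorization decisions on these claims should check the claim's JSON type as well as its value, since the same string can arrive as `"true"` or `true` depending on the configured type.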
NOTE:
A previously misspelled valve, GenerateJWTTokenVavle, with identical functionality still exists in the product for backwards compatibility.