Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Encryption and Signing

JWT - Generator Node

search

Please Note:

JWT - Generator Node

   
Description The JWT - Generator node creates a JSON Web Token (JWT) using the configured claims, signature, and optional encryption settings.
Available in Authentication, Admin, Self Service, API, Consent, Library, Custom, User Defined
Node Name JWT - Generator

Node Configurations

JWT TTL Defines the token lifetime (in seconds). After this time, the token expires.
JWT Claims Allows you to define the claims included in the **token payload**. #### Default Claims flags Each claim can be optionally excluded using the provided flags but by default there are: - **iat**: Issued at - **iss**: Issuer - **sub**: Subject - **exp**: Expiration #### Custom Claims You can add custom claims using the **ADD** button: - **Key**: Claim name - **Value**: Static value or flow variable - **Type**: Data type (String, Number, Boolean, Array, Object)
Choose Signature type Enables signing of the JWT to ensure integrity and authenticity. ### JWK Configuration - **Symmetric Key (Password)**: Uses a shared secret (**HS256, HS384 or HS512**) - **Asymmetric Key**: Uses public/private key pairs (**RSA or EC**)
Symmetric Key #### KID Unique identifier of the key used to sign the token. It is included in the JWT header. #### OCT Algorithm Defines the signing algorithm (e.g., HS256, HS384, HS512). #### Password The secret (for symmetric) or key material (for asymmetric signing). #### JWK JSON representation of the key. Can be auto-generated or manually edited.
Asymmetric Key #### Asymmetric Key Type Can choose between RSA and EC algorithm. #### KID Unique identifier of the key used to sign the token. It is included in the JWT header. #### Key Size In case of RSA key defines the size of the RSA key in bits (e.g., 2048, 4096). #### RSA Algorithm In case of RSA key, specifies the RSA based signing algorithm to use (e.g., RS256, RS384, RS512). #### EC Algorithm In case of EC key, specifies the EC based signing algorithm to use (e.g., ES256, ES384, ES512). #### Curve In case of EC key, defines the elliptic curve used for EC-based cryptographic operations. #### Private Key The private key used to sign the JWT. This key must be kept secure and never exposed publicly. #### Public Key The public key used to verify the JWT signature. It can be safely shared with external systems that need to validate the token.
Choose Encryption type Enables encryption of the JWT (JWE) to add an extra layer of security. ### JWK Configuration - **Symmetric Key (Password)**: Uses a shared secret (**A128KW, A256KW etc.**) - **Asymmetric Key**: Uses public key (**RSA or EC**)
Symmetric Key #### KID Unique identifier of the key used to sign the token. #### OCT Algorithm Defines the signing algorithm (e.g., A128KW, A256KW). #### Password The secret (for symmetric) or key material (for asymmetric signing). #### JWK JSON representation of the key. Can be auto-generated or manually edited.
Asymmetric Key #### Asymmetric Key Type Can choose between RSA and EC algorithm. #### KID Unique identifier of the key. #### Key Size In case of RSA key defines the size of the RSA key in bits (e.g., 2048, 4096). #### RSA Algorithm In case of RSA key, specifies the RSA based encryption algorithm to use (e.g., RSA-OAEP, RSA-OAEP-256). #### EC Algorithm In case of EC key, specifies the EC based encryption algorithm to use (e.g., ECDH-ES, ECDH-ES+A128KW). #### Curve In case of EC key, defines the elliptic curve used for EC-based cryptographic operations. #### Public Key The public key used to verify the JWT signature. #### Public JWK The Public JWK represents the public key in JSON Web Key (JWK) format.

Save in the Flow store

Save in the Flow store Attributes generated or retrieved from the node can be saved **into a variable**. They can then be **reused by other nodes** in the flow by referencing them as `{{variable.attribute}}`. To do this you choose attributes that need to be stored in the variable, and in the flow store (All attributes exposed by the node are listed in a **multi-select dropdown**, allowing the user to choose **one or more** of them), then a **variable name** that can be **freely defined** by the user. There is also a flag to make the variable available to the **frontend**.

Default Output Node

  • True
  • Failure

On this page