JWT functions in Jitterbit Integration Studio
Introduction
JSON Web Token (JWT) functions allow for the creation, verification, and decoding of JWTs. For more information on the JWT specification, refer to IETF RFC 7519: JSON Web Token (JWT).
Note
An alternative to using JWT functions is to use Jitterbit's JWT connector.
CreateJwtToken
Declaration
string CreateJwtToken(string header, string payload[, string private_key, string public_key])
Syntax
CreateJwtToken(<header>, <payload>[, <private_key>, <public_key>])
Required parameters
header
: A JSON string containing any expected header values for thealg
,typ
,cty
, andkid
keys. Thes key-value pairs are case insensitive. All other key-value pairs will be ignored. Supported algorithms includeHS256
,HS384
,HS512
,PS256
,PS384
,PS512
,RS256
,RS384
,RS512
,ES256
,ES256K
,ES384
,ES512
,EdDSA
, andNone
. If a value foralg
is unrecognized, it will be set toNone
. If a value fortyp
is unrecognized, it will be set toJWT
.payload
: A JSON string containing any expected payload values representing JWT claims. All key-value pairs will be treated as a valid claim. If claims likeaud
support multiple values, they can be defined as a comma-delimited string, for exampleaudience1, audience2, audience3
. Supported registered claims includeiss
,sub
,aud
,exp
,nbf
,iat
, andjti
. Forexp
,nbf
, andiat
to be treated as registered claims, they must be set using integer value (1234567890
, not"1234567890"
).
Optional parameters
private_key
: A string private key for the algorithm specified in theheader
. If theNone
algorithm is used, this field is ignored.public_key
: A string public key for the algorithm specified in theheader
. If theNone
,HS256
,HS384
, orHS512
algorithms are used, this field is ignored.
Description
Creates a JWT using the supplied information. On success, a string representing the newly created token is returned; otherwise, any error messages are returned.
Only the first two parameters are required for all cases. The remaining parameters are situational and may be required based on the chosen JWT algorithm.
Important
This function requires agent version 11.26 or later.
Examples
// Define the JWT header:
$header = '{"alg": "None", "typ": "JWT"}';
// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';
CreateJwtToken($header, $payload, "", "");
// Define the JWT header:
$header = '{"alg": "RS256", "typ": "JWT"}';
// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';
$privateKey = "-----BEGIN RSA PRIVATE KEY-----...";
$publicKey = "-----BEGIN PUBLIC KEY-----...";
CreateJwtToken($header, $payload, $privateKey, $publicKey);
VerifyJwt
Declaration
bool VerifyJwt(string token)
Syntax
VerifyJwt(<token>)
Required parameters
token
: A string representing the JWT.
Description
Checks if the supplied token is a valid JWT token and returns a boolean (true
or false
) based on the result. This function verifies the token's formatting only, see VerifyJwtClaims
for a more comprehensive claims verification.
Important
This function requires agent version 11.26 or later.
Examples
// Check if a token is in JWT format:
VerifyJwt("AxE9qm4aTZiXvA2G8sblAxjeL...");
VerifyJwtClaims
Declaration
bool VerifyJwtClaims(string token, string algorithm, string key[, string claims])
Syntax
VerifyJwtClaims(<token>, <algorithm>, <key>[, <claims>])
Required parameters
token
: A string representing the JWT.algorithm
: The algorithm used for claims verification.key
: The secret key used for claims verification.
Optional parameters
claims
: A JSON string containing the claims to be verified.
Description
Verifies if the supplied token's claims are valid (not modified) given the supplied algorithm and secret key and returns a boolean (true
or false
) based on the result. If the token itself is not valid, false
is returned without checking the claims. If no claims are supplied, this function instead acts like the VerifyJwt
function, ignoring the algorithm and secret key.
Caution
Claim values supplied for verification must match the original data types used. For example, "iat": "1234567890"
is not equal to "iat": 1234567890
.
If using agent version 11.26, VerifyJwtClaims
will generate errors if claims
is left empty. As a workaround, enter "{}"
for claims
.
Important
This function requires agent version 11.26 or later.
Examples
// Verify JWT claims:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", '{"iat": 1234567890, "name": "Example", "test": "Test"}');
// Empty claims workaround:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", "{}");
DecodeJwtToken
Declaration
string DecodeJwtToken(string token)
Syntax
DecodeJwtToken(<token>)
Required parameters
token
: A string representing the JWT.
Description
Decodes the supplied token to retrieve its claims. On success, a string containing the decoded claims is returned. If the token is not valid, an empty string is returned. Otherwise, any error messages are returned.
Important
This function requires agent version 11.26 or later.
Examples
// Decode a JWT token:
DecodeJwtToken("AxE9qm4aTZiXvA2G8sblAxjeL...");
GetJwtHeader
Declaration
string GetJwtHeader(string token)
Syntax
GetJwtHeader(<token>)
Required parameters
token
: A string representing the JWT.
Description
Retrieves the header from the JWT. On success, a string containing the header is returned. If the token is not valid, an empty string is returned.
Important
This function requires agent version 11.26 or later.
Examples
// Retrieve a JWT header:
GetJwtHeader("AxE9qm4aTZiXvA2G8sblAxjeL...");
GetJwtPayload
Declaration
string GetJwtPayload(string token)
Syntax
GetJwtPayload(<token>)
Required parameters
token
: A string representing the JWT.
Description
Retrieves the payload from the JWT. On success, a string containing the payload is returned. If the token is not valid, an empty string is returned.
Important
This function requires agent version 11.26 or later.
Examples
// Retrieve a JWT payload:
GetJwtPayload("AxE9qm4aTZiXvA2G8sblAxjeL...");
GetJwtSignature
Declaration
string GetJwtSignature(string token)
Syntax
GetJwtSignature(<token>)
Required parameters
token
: A string representing the JWT.
Description
Retrieves the signature from the JWT. On success, a string containing the signature is returned. If the token is not valid, an empty string is returned.
Important
This function requires agent version 11.26 or later.
Examples
// Retrieve a JWT signature:
GetJwtSignature("AxE9qm4aTZiXvA2G8sblAxjeL...");