Skip to Content

JWT functions in Jitterbit Integration Studio

Introduction

JSON Web Token (JWT) functions allow for the creation, verification, and decoding of JWTs. For more information on the JWT specification, refer to IETF RFC 7519: JSON Web Token (JWT).

Note

An alternative to using JWT functions is to use Jitterbit's JWT connector.

CreateJwtToken

Declaration

string CreateJwtToken(string header, string payload[, string private_key, string public_key])

Syntax

CreateJwtToken(<header>, <payload>[, <private_key>, <public_key>])

Required parameters

  • header: A JSON string containing any expected header values for the alg, typ, cty, and kid keys. Thes key-value pairs are case insensitive. All other key-value pairs will be ignored. Supported algorithms include HS256, HS384, HS512, PS256, PS384, PS512, RS256, RS384, RS512, ES256, ES256K, ES384, ES512, EdDSA, and None. If a value for alg is unrecognized, it will be set to None. If a value for typ is unrecognized, it will be set to JWT.
  • payload: A JSON string containing any expected payload values representing JWT claims. All key-value pairs will be treated as a valid claim. If claims like aud support multiple values, they can be defined as a comma-delimited string, for example audience1, audience2, audience3. Supported registered claims include iss, sub, aud, exp, nbf, iat, and jti. For exp, nbf, and iat to be treated as registered claims, they must be set using integer value (1234567890, not "1234567890").

Optional parameters

  • private_key: A string private key for the algorithm specified in the header. If the None algorithm is used, this field is ignored.
  • public_key: A string public key for the algorithm specified in the header. If the None, HS256, HS384, or HS512 algorithms are used, this field is ignored.

Description

Creates a JWT using the supplied information. On success, a string representing the newly created token is returned; otherwise, any error messages are returned.

Only the first two parameters are required for all cases. The remaining parameters are situational and may be required based on the chosen JWT algorithm.

Important

This function requires agent version 11.26 or later.

Examples

Example Using None
// Define the JWT header:
$header = '{"alg": "None", "typ": "JWT"}';

// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';

CreateJwtToken($header, $payload, "", "");
Example Using RS256
// Define the JWT header:
$header = '{"alg": "RS256", "typ": "JWT"}';

// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';

$privateKey = "-----BEGIN RSA PRIVATE KEY-----...";
$publicKey = "-----BEGIN PUBLIC KEY-----...";

CreateJwtToken($header, $payload, $privateKey, $publicKey);

VerifyJwt

Declaration

bool VerifyJwt(string token)

Syntax

VerifyJwt(<token>)

Required parameters

  • token: A string representing the JWT.

Description

Checks if the supplied token is a valid JWT token and returns a boolean (true or false) based on the result. This function verifies the token's formatting only, see VerifyJwtClaims for a more comprehensive claims verification.

Important

This function requires agent version 11.26 or later.

Examples

// Check if a token is in JWT format:
VerifyJwt("AxE9qm4aTZiXvA2G8sblAxjeL...");

VerifyJwtClaims

Declaration

bool VerifyJwtClaims(string token, string algorithm, string key[, string claims])

Syntax

VerifyJwtClaims(<token>, <algorithm>, <key>[, <claims>])

Required parameters

  • token: A string representing the JWT.
  • algorithm: The algorithm used for claims verification.
  • key: The secret key used for claims verification.

Optional parameters

  • claims: A JSON string containing the claims to be verified.

Description

Verifies if the supplied token's claims are valid (not modified) given the supplied algorithm and secret key and returns a boolean (true or false) based on the result. If the token itself is not valid, false is returned without checking the claims. If no claims are supplied, this function instead acts like the VerifyJwt function, ignoring the algorithm and secret key.

Caution

Claim values supplied for verification must match the original data types used. For example, "iat": "1234567890" is not equal to "iat": 1234567890.

If using agent version 11.26, VerifyJwtClaims will generate errors if claims is left empty. As a workaround, enter "{}" for claims.

Important

This function requires agent version 11.26 or later.

Examples

// Verify JWT claims:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", '{"iat": 1234567890, "name": "Example", "test": "Test"}');
// Empty claims workaround:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", "{}");

DecodeJwtToken

Declaration

string DecodeJwtToken(string token)

Syntax

DecodeJwtToken(<token>)

Required parameters

  • token: A string representing the JWT.

Description

Decodes the supplied token to retrieve its claims. On success, a string containing the decoded claims is returned. If the token is not valid, an empty string is returned. Otherwise, any error messages are returned.

Important

This function requires agent version 11.26 or later.

Examples

// Decode a JWT token:
DecodeJwtToken("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtHeader

Declaration

string GetJwtHeader(string token)

Syntax

GetJwtHeader(<token>)

Required parameters

  • token: A string representing the JWT.

Description

Retrieves the header from the JWT. On success, a string containing the header is returned. If the token is not valid, an empty string is returned.

Important

This function requires agent version 11.26 or later.

Examples

// Retrieve a JWT header:
GetJwtHeader("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtPayload

Declaration

string GetJwtPayload(string token)

Syntax

GetJwtPayload(<token>)

Required parameters

  • token: A string representing the JWT.

Description

Retrieves the payload from the JWT. On success, a string containing the payload is returned. If the token is not valid, an empty string is returned.

Important

This function requires agent version 11.26 or later.

Examples

// Retrieve a JWT payload:
GetJwtPayload("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtSignature

Declaration

string GetJwtSignature(string token)

Syntax

GetJwtSignature(<token>)

Required parameters

  • token: A string representing the JWT.

Description

Retrieves the signature from the JWT. On success, a string containing the signature is returned. If the token is not valid, an empty string is returned.

Important

This function requires agent version 11.26 or later.

Examples

// Retrieve a JWT signature:
GetJwtSignature("AxE9qm4aTZiXvA2G8sblAxjeL...");