Integration Server 10.11 | Built-In Services Reference Guide | JWT Folder | Summary of Elements in This Folder | pub:jwt:generateSignedJWT
 
pub:jwt:generateSignedJWT
WmPublic. Generates a signed JWT from Integration Server.
Input Parameters
algorithm
String. The cryptographic algorithm used to sign a JWT. Supported algorithms are:
*RS512
*RS384
*RS256
keyStoreAlias
String. Alias of the keystore containing private key required to sign a JWT.
keyAlias
String. Alias of the private key used to sign a JWT.
allowWeakKey
Boolean. Indicates whether an RSA key shorter than 2048 bits in a cryptographic algorithm is allowed or not. A value of:
*true allows an RSA key shorter than 2048 bits in a cryptographic algorithm.
*false does not allow an RSA key shorter than 2048 bits in a cryptographic algorithm. This is the default.
subject
String. Optional. Identifies the principal, which is the subject of the JWT.
issuer
String. Optional. Specifies the name of the JWT token issuer.
audience
String[]. Optional. Specifies the intended recipients of the token.
expirationTime
String. Optional. Identifies the time on or after which the JWT must not be accepted for processing. The expiration date or time must be equal to or later than the current date or time. The required date format is "dd/MM/yyyy HH:mm:ss".
notBeforeTime
String. Optional. Identifies the time before which the JWT must not be accepted for processing. The not-before date or time must be equal to or earlier than the current date or time. The required date format is "dd/MM/yyyy HH:mm:ss".
addIssuedAtTimeClaim
Boolean. Indicates whether issuedAtTime (iat) claim is added to the generated signed JWT or not. A value of:
*true indicates that the issuedAtTime (iat) claim is added to the generated signed JWT.
*false indicates that the issuedAtTime (iat) claim is not added to the generated signed JWT. This is the default.
jwtId
String. Optional. A unique identifier for the JWT. The value is a case-sensitive string.
customClaims
Document List. Optional. A list of custom claims. Each claim has 3 parts: "name", "value", and "type".
Key
Description
name
String. Name of the claim.
value
String[]. The array to provide one or more values for a custom claim.
type
String. Any valid JSON data type except null. Supported valid JSON data types are:
*String
*Boolean
*Number
*JSONArray
*JSONObject
Output Parameters
jwt
String. Signed JWT.
Usage Notes
The customClaims parameter in this service accepts only valid JSON data types such as String, Boolean, Number, JSONArray, and JSONObject except null.
If you provide duplicate claim names to the customClaims parameter, then the values corresponding to the latest duplicate claim name are used to generate the JWT.
If you want to specify jwtId manually, you can use the pub.utils:generateUUID public service to generate a random Universally Unique Identifier (UUID) and map it to jwtId.
If the token has numbers with values greater than 1e308, then the results are unpredictable.
If you specify a custom claim with empty or a null value, then such claims will be absent in the generated JWT.
You can provide one or more inputs to the "value" field in customClaims. The output is displayed as an array. For example, custom claim "Address" can have multiple values, then the output for this claim is displayed as an array. For example: