Build and consuming JSON Web Token (JWT) tokens in Liberty

We can configure a Liberty server to build and consume JSON Web Token (JWT) tokens, which we can use to propagate user identity or tokens. To build or consume JWTs, configure the JWT builder or consumer in the server configuration, and then implement one of the provided APIs to programmatically build or consume the tokens.

JSON Web Token (RFC 7519) is a compact, URL-safe means of representing claims that are transferred between two parties, such as a Liberty resource server and an authentication proxy. Any trusted party in possession of a JWT token can use that token to get access to the associated resources in Liberty. For more information about the specification, see RFC 7519: JSON Web Token. Liberty provides a complete set of APIs used to programmatically build and consume JWTs, including the following main APIs.

com.ibm.websphere.security.jwt.JwtBuilder
com.ibm.websphere.security.jwt.JwtConsumer

For information about these and other JWT APIs, see the Java documentation for the JSON Web Token APIs or the API documentation included in the product in the ${wlp.install.dir}/dev directory.

Obtaining JSON Web Tokens in Liberty
We can obtain JSON Web Token (JWT) tokens from the JWT token generation endpoint in the jwt-1.0 feature.
Building JSON Web Tokens in Liberty
We can programmatically build JSON Web Token (JWT) tokens by configuring the JWT builder element in the server configuration and implementing the com.ibm.websphere.security.jwt.JwtBuilder and com.ibm.websphere.security.jwt.JwtToken APIs in the applications.
Consuming JSON Web Tokens in Liberty
We can programmatically verify and parse JSON Web Token (JWT) tokens by configuring the JWT consumer element in the server configuration and implementing the com.ibm.websphere.security.jwt.JwtConsumer and com.ibm.websphere.security.jwt.JwtToken APIs in the applications.

Parent topic: Configure JSON Web Token in Liberty