Building and consuming JSON Web Token (JWT) tokens in Liberty

We can configure a Liberty server to build and consume JSON Web Token (JWT) tokens, which we can use to propagate user identity or tokens. To build or consume JWTs, configure the JWT builder or consumer in the server configuration, and then implement one of the provided APIs to programmatically build or consume the tokens.

JSON Web Token (RFC 7519) is a compact, URL-safe means of representing claims that are transferred between two parties, such as a Liberty resource server and an authentication proxy. Any trusted party in possession of a JWT token can use that token to get access to the associated resources in Liberty. For more information about the specification, see RFC 7519: JSON Web Token. Liberty provides a complete set of APIs used to programmatically build and consume JWTs, including the following main APIs.

  • com.ibm.websphere.security.jwt.JwtBuilder
  • com.ibm.websphere.security.jwt.JwtConsumer

For information about these and other JWT APIs, see the Java documentation for the JSON Web Token APIs or the API documentation included in the product in the ${wlp.install.dir}/dev directory.
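
The following sketch shows the two main APIs used together, with the issuing side building a token and the receiving side validating it before trusting any claim. It is an added example, not code from the Liberty documentation; the configuration ids `myBuilder` and `myConsumer`, the class name, and the `role` claim are assumptions and must correspond to `jwtBuilder` and `jwtConsumer` elements in your own server configuration.

```java
import com.ibm.websphere.security.jwt.Claims;
import com.ibm.websphere.security.jwt.InvalidConsumerException;
import com.ibm.websphere.security.jwt.InvalidTokenException;
import com.ibm.websphere.security.jwt.JwtBuilder;
import com.ibm.websphere.security.jwt.JwtConsumer;
import com.ibm.websphere.security.jwt.JwtToken;

public class JwtPropagationExample {

    // Assumed ids: each must match a jwtBuilder / jwtConsumer element in server.xml.
    private static final String BUILDER_ID = "myBuilder";
    private static final String CONSUMER_ID = "myConsumer";

    /** Issuing side: build a signed token that carries the caller's identity. */
    public static String issue(String user, String role) throws Exception {
        JwtToken token = JwtBuilder.create(BUILDER_ID)
                .subject(user)          // "sub" claim: the identity being propagated
                .claim("role", role)    // hypothetical application-specific claim
                .buildJwt();            // signed as the builder configuration dictates
        return token.compact();         // compact, URL-safe serialization
    }

    /**
     * Receiving side: validate the token against the consumer configuration
     * and return the subject, or null when the token is rejected.
     */
    public static String subjectOf(String compactJwt) {
        try {
            JwtToken token = JwtConsumer.create(CONSUMER_ID).createJwt(compactJwt);
            Claims claims = token.getClaims();
            return claims.getSubject();
        } catch (InvalidTokenException e) {
            // The token failed validation: fail closed, never fall back
            // to reading claims from a token that was not accepted.
            return null;
        } catch (InvalidConsumerException e) {
            // The consumer id does not resolve to a usable configuration:
            // a deployment error, not a bad token.
            throw new IllegalStateException("JWT consumer '" + CONSUMER_ID + "' is misconfigured", e);
        }
    }
}
```

Claims are read only from the `JwtToken` that `createJwt` returns, so application code never acts on a token that the consumer did not accept.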