JSON Web Token (JWT)

A JWT is a set of JSON claims that are signed, encrypted, or both, and are encoded into a web safe form. This set of claims might or might not include some well-known claims defined by the RFC.

The methods of encrypting and signing and the support for key exchange and algorithms are defined in RFCs 7515, 7516, 7517, and 7518. These RFCs cover signing, encryption, key sets, and algorithms. RFC 7519 covers JWT.

A JWT contains three Base64 encoded strings that are separated by dots (“.”).

For a signed JWT, these parts are:

• JWT Header - JSON
• JWT claims - JSON
• Signature - Binary data

All of these parts are Base64 URL encoded. An example JWT is shown in the following example:

eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJ5b3UiLCJpc3MiOiJtZSIsInN1YiI6InRvZ
GF5IiwiZGF5IjoibW9uZGF5In0.6f14Ub6WuEuMMSa_6hkXfj5kpVAI9tkmP5vcbX1
qH3Y

This JWT is signed using the algorithm HS256 and the shared key of “secret”.

We can use http://jwt.io to create and validate simple signed JWTs.

• JWT support
  ISAM supports JWT by using STS to expose a JWT module.
• Validate mode
  In validate mode, the JWT Module consumes a binary security token, which has the attribute type “urn:com:ibm:JWT”.
• Issue mode
  In issue mode, the JWT Module creates a binary security token, which has the attribute type urn:com:ibm:JWT.

Parent topic: Supported module types