JSON Web Token (JWT) Support

  • This feature enables use of a JSON Web Token (JWT) received in the server response.
  • A JWT can be received as an Access Token or as an ID Token.
  • If no ID Token is received but the Access Token is a JWT, the client reads the user attributes from that JWT and additionally from the User Info Endpoint, if one is specified.

How to Configure JWT?

  • To configure JWT, navigate to the “Configure OAuth” tab and click the “Edit Application” link next to the application you want to enable JWT Support for, as shown below:
    [screenshot: find-jwt-settings]
  • You will find the Advanced Grant Type Configuration section.
  • Select the Response Type, enable the JWT Support option, and then select an appropriate JWT Signing Algorithm. By default, HSA is used.
    [screenshot: jwt-configuration]

NOTE - Select PKCE only when you are using Authorization Code Grant. You can enter any value in the client secret field.
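The following is an added example, not code from the plugin, showing what a client must check when it accepts a JWT signed with the default HSA (HS256) setting: the algorithm is pinned to the configured one rather than taken from the token header, the signature is verified in constant time, and the issuer, audience and expiry claims are checked before any attributes are trusted. It assumes the HMAC key is the application's client secret, as OpenID Connect specifies for HS256 ID Tokens; the issuer, client id and secret values are constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_hs256_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Builds a constructed test token; in production the provider issues it."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_hs256_id_token(token: str, secret: bytes, issuer: str, client_id: str, now=None) -> dict:
    """Returns the claims if the token is valid for this client, else raises ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm to the one configured in the plugin; the header is untrusted input,
    # so "none" or a different algorithm must be rejected before looking at the signature.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(p_b64))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    return claims

def check_id_token(token: str, secret: bytes, issuer: str, client_id: str, now=None):
    """Convenience wrapper: (True, claims) on success, (False, reason) on rejection."""
    try:
        return True, verify_hs256_id_token(token, secret, issuer, client_id, now)
    except ValueError as exc:
        return False, str(exc)
```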

Configuring RSA for JWT

  • When you select RSA as the “JWT Signing Algorithm”, you will be shown an option to add the X509 Certificate used to verify the JWT signature:
    [screenshot: jwt-rsa-configuration]
  • Add the RSA certificate issued by your OpenID Connect Provider.
  • Often, providers do not issue a certificate for each client. Instead, they publish an OpenID Connect Discovery URL.
  • The discovery document at this URL contains a jwks_uri, which you can use instead of a certificate.
  • Add this URI in its designated field above the Advanced Grant Type Configuration screen:
    [screenshot: jwt-rsa-jwks-configuration]