JSON Web Tokens Support


JWT support works alongside OpenID Connect 1.0. JSON Web Tokens (JWTs, pronounced "jots") are compact, URL-safe tokens used to transfer claims between two parties. The claims are encoded as a JSON object, and a signed JWT lets the recipient verify that the claims were issued by the expected party and have not been altered in transit.

In OpenID Connect, the id_token returned from the token endpoint is always a JWT. An access_token may also be a JWT, but a client should treat it as opaque unless the server documents its format.

What is a JWT?


A JWT is a digitally signed JSON token used to convey information over the web. In this context, it carries claims about the user that allow a client to authenticate the user (id_token) or act on the user's behalf (access_token).

JWT Structure


A JWT consists of three Base64url-encoded parts separated by dots:

[header].[payload].[signature]
  • Header: Metadata about the token, chiefly the type (typ) and the signing algorithm (alg), for example HS256 or RS256.
  • Payload: The claims being transferred, such as issuer (iss), subject (sub), audience (aud), expiration time (exp), and issued-at time (iat).
  • Signature: Computed over the encoded header and payload with the algorithm named in the header: an HMAC-SHA256 tag for HS256, or an RSA signature over a SHA-256 digest for RS256. It lets the recipient detect any change to the header or payload; it does not encrypt them, so the claims are readable by anyone who holds the token.

Learn more about JWT structure: https://jwt.io/introduction/
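The following is an added example, not code from the original page or from the product it documents. It builds a JWT with the structure described above, signs it with HS256 using only the Python standard library, and verifies it the way a relying party should: pinning the algorithm instead of trusting the token's own alg header, comparing the signature in constant time, and checking iss and exp. The secret, issuer URL and claim values are constructed demo data.

```python
"""Added example (not code from the original page): build, parse and verify an
HS256 JWT with only the Python standard library. The secret, issuer and claims
below are constructed demo values."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed demo secret. A real deployment uses a random key of at least 32 bytes.
SECRET = b"demo-shared-secret-not-for-production"
ISSUER = "https://idp.example"  # assumed issuer value for the demo


def b64url_encode(data: bytes) -> str:
    # JWTs use base64url without '=' padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: Dict) -> str:
    # Compact JSON, then base64url: one dot-separated segment of the token.
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(payload: Dict) -> str:
    """Produce header.payload.signature, signing header.payload with HMAC-SHA256."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    tag = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def split_jwt(token: str) -> Tuple[Dict, Dict, bytes]:
    """Decode the three parts. Decoding is not verification: nothing here is trusted yet."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("JWT must have exactly three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    return header, payload, b64url_decode(parts[2])


def verify_hs256(token: str, expected_iss: str, now: Optional[int] = None) -> Dict:
    """Return the claims if signature, issuer and expiry check out; raise ValueError otherwise."""
    header, payload, sig = split_jwt(token)
    # Pin the algorithm. Honouring whatever the header says lets an attacker
    # downgrade to "none" or swap to a different key type.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    signing_input = token.rsplit(".", 1)[0].encode("ascii")
    expected = hmac.new(SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if payload.get("iss") != expected_iss:
        raise ValueError("wrong issuer")
    now = int(time.time()) if now is None else now
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("token expired or missing exp")
    return payload


def is_valid(token: str, expected_iss: str, now: Optional[int] = None) -> bool:
    try:
        verify_hs256(token, expected_iss, now)
        return True
    except ValueError:  # JSON and base64 decoding errors are ValueError subclasses
        return False


def tamper_payload(token: str, **changes) -> str:
    """Constructed attack: edit claims but keep the original signature."""
    parts = token.split(".")
    payload = json.loads(b64url_decode(parts[1]))
    payload.update(changes)
    return parts[0] + "." + _segment(payload) + "." + parts[2]


def forge_alg_none(payload: Dict) -> str:
    """Constructed attack: alg=none with an empty signature segment."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(payload) + "."


if __name__ == "__main__":
    claims = {"iss": ISSUER, "sub": "alice", "iat": 1700000000, "exp": 1700003600}
    token = sign_hs256(claims)
    print(token)
    print(is_valid(token, ISSUER, now=1700000100))                               # True
    print(is_valid(tamper_payload(token, sub="admin"), ISSUER, now=1700000100))  # False
    print(is_valid(forge_alg_none(claims), ISSUER, now=1700000100))              # False
    print(is_valid(token, ISSUER, now=1700003600))                               # False, expired
```

The two "attack" helpers exist only to show what the verifier must reject: a payload edited after signing fails the HMAC comparison, and an alg=none token fails before the signature is even looked at because the expected algorithm is fixed in code rather than read from the header. An RS256 verifier follows the same shape, with the HMAC replaced by an RSA signature check against the public key from the configured certificate.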

How to configure JWT Support?


  • Navigate to the OAuth Clients tab and click Update on the client you want to change.
  • In the JWT Support menu, toggle the feature ON or OFF.
  • Choose the signing algorithm. The default is HS256, a symmetric HMAC algorithm: any party that holds the signing secret can both verify and mint tokens, so the secret must never be handed to third-party verifiers.

Note: For RSA-based algorithms (for example RS256), you must provide a signing certificate for the client. Verifiers use the public key in that certificate to check the JWT signature, while only the holder of the matching private key can produce a valid one, so the certificate can be distributed freely to relying parties. Whichever algorithm is chosen, verifiers should pin it in their configuration rather than honour whatever alg the token header claims.