Jwt Create

Generates a JWT.

Revision History

1.0.0.0 Initial Release

Properties

Connection

Type: Connection Input
The Connection Property

CertificateStoreName
Type: List
Provides the name of the certificate store in which the signing certificate is located. Note that My is the Personal store.

CertificateStoreLocation
Type: List
Provides the location of the certificate store in which the signing certificate is located. If you do not use LocalMachine, ensure that the DropPoint is running under the correct user account.

CertificateThumbprint
Type: String
Provides the thumbprint of the certificate. This thumbprint is obtained from the Thumbprint property of the Details tab of the certificate from within MMC.

Issuer

Type: String Input
The Issuer Property

Audience

Type: String Input
The Audience Property

ExpiresDays

Type: Int32 Input
The ExpiresDays Property

Claims

Type: String Input
Provides a set of claims expressed as a JSON document.

Jwt

Type: Multiline Text Output
Returns the unencoded JWT. Note that this is not a JSON document but contains two JSON documents separated by a period.

EncodedJwt

Type: Multiline Text Output
Returns the encoded JWT. This is the token that will be exchanged for an access token.
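A check one could run on the EncodedJwt output before it is exchanged, added here as an example and not part of the product's own code: it decodes the first two segments back into the header and claims documents and compares them with the Issuer, Audience and ExpiresDays inputs. It assumes the Node emits a standard compact JWT (RFC 7519) with iss, aud and exp claims, which this page does not state; the sample token, its issuer and its audience are constructed, and its signature is a placeholder.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_parts(encoded_jwt):
    """Return (header, claims) dicts from a header.payload.signature token."""
    parts = encoded_jwt.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three non-empty segments")
    return tuple(json.loads(b64url_decode(p)) for p in parts[:2])

def check_token(encoded_jwt, issuer, audience, expires_days, now=None):
    """List mismatches against the Node inputs. The signature is NOT verified
    here; that needs the public key of the signing certificate."""
    now = time.time() if now is None else now
    header, claims = decode_parts(encoded_jwt)
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("token is unsigned")
    if claims.get("iss") != issuer:   # assumed claim name (RFC 7519)
        problems.append("iss does not match Issuer")
    aud = claims.get("aud")           # may be a string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match Audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or already past")
    elif exp - now > expires_days * 86400:
        problems.append("exp is later than ExpiresDays allows")
    return problems

# Constructed sample: fixed clock, made-up issuer/audience, placeholder signature.
NOW = 1_700_000_000
SAMPLE = ".".join(b64url_encode(part) for part in (
    json.dumps({"alg": "RS256", "typ": "JWT"}).encode(),
    json.dumps({"iss": "client-id", "aud": "https://login.example.com",
                "exp": NOW + 2 * 86400}).encode(),
    b"placeholder-signature",
))

if __name__ == "__main__":
    print(decode_parts(SAMPLE))
    print(check_token(SAMPLE, "client-id", "https://login.example.com", 3, now=NOW))
```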

Remarks

Use this Node to generate a JWT. The Node will sign the JWT using a certificate which must be installed in the certificate store. For this reason, the Node must be run at a DropPoint.

As part of best practice, we recommend enabling Whitelisting at the DropPoint.

Installing a certificate into the Windows Certificate Store

To install the signing certificate into the Windows Certificate Store, you need to combine the public and private key into a single certificate file. If you have two separate files, one containing the public key and the other containing the private key, you can use OpenSSL to generate a PFX from them.

The OpenSSL utility can be obtained from https://www.openssl.org/

Use this command to generate a PFX:

openssl pkcs12 -export -in public.crt -inkey private.key -out newcert.pfx

public.crt should look like this:

-----BEGIN CERTIFICATE-----
(base64 data here)
-----END CERTIFICATE-----

private.key should look like this:

-----BEGIN PRIVATE KEY-----
(base64 data here)
-----END PRIVATE KEY-----