Jwt Create
Generates a JWT.
Revision History
1.0.0.0 Initial Release
Properties
Connection
Type: Connection Input
The Connection Property
CertificateStoreName
Type: List
Provides the name of the certificate store in which the signing certificate is located. Note that My is the Personal store.
CertificateStoreLocation
Type: List
Provides the location of the certificate store in which the signing certificate is located. If you do not use LocalMachine, ensure that the DropPoint is running under the correct user account.
CertificateThumbprint
Type: String
Provides the thumbprint of the certificate. This thumbprint is obtained from the Thumbprint property of the Details tab of the certificate from within MMC.
Issuer
Type: String Input
The Issuer Property
Audience
Type: String Input
The Audience Property
ExpiresDays
Type: Int32 Input
The ExpiresDays Property
Claims
Type: String Input
Provides a set of claims expressed as a JSON document.
Jwt
Type: Multiline Text Output
Returns the unencoded JWT. Note that this is not a JSON document but contains two JSON documents separated by a period.
EncodedJwt
Type: Multiline Text Output
Returns the encoded JWT. This is the token that will be exchanged for an access token.
Remarks
Use this Node to generate a JWT. The Node will sign the JWT using a certificate which must be installed in the certificate store. For this reason, the Node must be run at a DropPoint.
As part of best practice, we recommend enabling Whitelisting at the DropPoint.
Installing a certificate into the Windows Certificate Store
In order to install the signing certificate into the Windows Certificate Store, you'll need to combine the public and private key into a certificate. If you have two separate files, one containing the public key and the other containing the private key, you can use openssl to generate a PFX from these files.
The OpenSSL utility can be obtained from https://www.openssl.org/
Use this command to generate a PFX:
openssl pkcs12 -export -in public.crt -inkey private.key -out newcert.pfx
public.crt should look like this:
-----BEGIN CERTIFICATE-----
(base64 data here)
-----END CERTIFICATE-----
private.key should look like this:
-----BEGIN PRIVATE KEY-----
(base64 data here)
-----END PRIVATE KEY-----
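The following script is an added example, not part of the product documentation. It wraps the PFX command above with two checks: that private.key actually belongs to public.crt, and what thumbprint the certificate will show once imported. The function names, the PFX_PASS variable and the throwaway key pair generated at the bottom are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not product code). File names follow the page; the keys below are constructed.

# The Windows thumbprint is the SHA-1 of the DER certificate; print it as hex without colons.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Succeed only if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Build PFX $3 from certificate $1 and key $2, refusing a mismatched pair.
# The export password is read from the PFX_PASS environment variable, not the command line.
make_pfx() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASS
}

# Thumbprint of the certificate stored inside PFX $1.
pfx_thumbprint() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# --- Demo with a constructed throwaway key pair (stand-ins for public.crt / private.key) ---
umask 077
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
export PFX_PASS="constructed-demo-password"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=jwt-signing-demo" \
    -keyout "$workdir/private.key" -out "$workdir/public.crt" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$workdir/other.key" 2>/dev/null   # unrelated key, used to show the mismatch check

make_pfx "$workdir/public.crt" "$workdir/private.key" "$workdir/newcert.pfx"
echo "Certificate thumbprint: $(cert_thumbprint "$workdir/public.crt")"
echo "Thumbprint inside PFX:  $(pfx_thumbprint "$workdir/newcert.pfx")"
```

After importing the PFX, the Thumbprint value shown in MMC should equal the printed value, ignoring case and spaces.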