JWT

Creates and validates JSON Web Tokens (JWTs) by using Connection-based signing and validation settings.

Revision History

0.0.0.1 - Initial release.
0.0.0.2 - Updated the discovery URL Connection property to use the OIDC metadata URL.

Connection

Use the Connection to switch between token creation settings and token validation settings.

Property	Type	Description
`Method`	ConnectionMethod	Selects whether the `Connection` is configured for `Create` or `Validate`.
`Certificate Store Location`	StoreLocation	Used during `Create` to find the signing certificate. The default is `CurrentUser`.
`Certificate Store Name`	StoreName	Used during `Create` to find the signing certificate. The default is `My`.
`Certificate Thumbprint`	String	Used during `Create` to resolve the signing certificate. Leave this empty to create an unsigned token.
`Signing Keys`	String	Used during `Validate` to provide public signing keys.
`Clock Skew In Minutes`	Integer	Used during `Validate` to allow time drift when validating lifetime values. The default is `5`.
`Validate If Token Is Signed`	Boolean	Used during `Validate` to check whether the token signing state is acceptable. The default is `true`.
`Validate Expiration`	Boolean	Used during `Validate` to check the token expiration value. The default is `true`.
`Validate Lifetime`	Boolean	Used during `Validate` to check the token lifetime window. The default is `true`.
`Validate Audience`	Boolean	Used during `Validate` to compare the token audience against `Audience`. The default is `true`.
`Audience`	String	Used during `Validate` as the expected audience value.
`Validate Issuer`	Boolean	Used during `Validate` to compare the token issuer against `Issuers`. The default is `true`.
`Issuers`	String	Used during `Validate` as the expected issuer value or values.
`Issuer Validation Mode`	IssuerValidationMode	Used during `Validate` to control how issuer values are matched. The default is `ExactMatch`.
`OIDC metadata URL`	String	Used during `Validate` to retrieve OpenID Connect configuration and signing keys when explicit keys are not supplied.

Setup Notes

For signed token creation, install the certificate on a local Runtime and provide the certificate thumbprint.
If Certificate Thumbprint is empty during Create, the token is generated unsigned for inspection-only scenarios.

Methods

The JWT Node exposes one method for creating tokens and one method for validating them.

Create

Creates a JWT and optionally signs it with an RSA certificate private key. This method must run on a local Runtime when you use certificate signing.

Parameter	Type	Description
`Connection`	Connection	The JWT `Connection` configured for token creation.
`Issuer`	String	The optional issuer value for the token.
`Audience`	String	The optional audience value for the token.
`ExpiresMinutes`	Integer	The number of minutes from now until the token expires. The default is `1`.
`Claims`	Object	The optional custom claims to include in the token.

Return	Type	Description
`Token`	String	The encoded JWT string.

Validate

Validates a JWT and returns a structured validation result.

Parameter	Type	Description
`Connection`	Connection	The JWT `Connection` configured for token validation.
`Token`	String	The JWT token to validate. It must contain at least three segments.
`EnableValidation`	Boolean	When `false`, validation checks are bypassed and the token payload is returned for inspection only.
`SigningKeys`	String	Optional node-level signing keys. When supplied, these keys are used before the `Connection` signing keys.

Return	Type	Description
`ValidationResult`	Object	A structured result that includes token data, validity state, and validation error details when the token is invalid.

Usage Notes

Validation key priority is SigningKeys, then Signing Keys on the Connection, and then keys resolved from OIDC metadata URL.
If no keys can be resolved and validation requires signature checks, validation fails.
Use EnableValidation = false only when you need to inspect token content without enforcing trust checks.