About
Library for generating, decoding and validating JSON Web Tokens (JWT), an open, industry standard RFC 7519 method for representing claims securely between two parties. This library handle JSON Web Tokens used in OAuth authentication. Currently this component allows generating and decoding tokens, which are needed to connect to existing REST services that require JWT for authentication. It supports tokens signed symmetrically (using HS256, HS384, HS512) and also asymmetrically (using RS256, RS384, RS512).
To learn more about JWT usage and its structure, consult the JWT introduction.
It is recommended to consult the component documentation to obtain more details about implementation.
Note: In order to properly use the sample key links that exist in this Demo, the sample keys must first be configured in service center. All of them are site properties present in this module.
Generate a JWT
A JWT can be generated, in two different ways. The difference is in the token Signature definition, related to the JWT security. On one hand, a JWT can be generated using a secret plain key (for secret key) or a private key (generating a PEM file). On the other hand, a JWT can be generated using a JSON Web Key (JWK), as a private key. This key is a JSON object.
Plain / PEM key
Generate and encode a JWT using a secret plain text key or a private key as signature. The private key must be generated through a PEM file.
JSON Web Key
Generate and encode a JWT using a JSON object (JSON Web Key) as signature. The JSON Web Key must be generated to obtain a public and private keypair.
Read a JWT
Two types of JWT can be decoded, using the related validation method. On one hand, a JWT generated using a Plain / PEM key, can only be decoded using the same secret plain key, or the public key related to a private PEM key. On the other hand, a JWT generated using a JSON Web Key can only be decoded using the related public key (or the generated keypair).
Plain / PEM key
Read and decode the encoded token using the same secret plain text key or the public key related to the generated private PEM key used for token generation. 
JSON Web Key
Read and decode the encoded token using the public key or keypair related to the generated JSON Web Key used for token generation.
Click here to see your activities