JWT Builder (jwtBuilder)

Information about configuring the builder. The elements and attributes that you specify are used to build the token.

NameTypeDefaultDescription

expiresInSeconds

A period of time with second precision

-1

Indicates the token expiration time in seconds. Takes precedence over expiry. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

expiry

A period of time with hour precision

2h

Indicates the token expiration time in hours. ExpiresInSeconds takes precedence if present. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h.

id

string

defaultJWT

This ID is used to identify the JWT builder. If an ID value is not specified, the builder is not processed. The ID must be a URL-safe string. The ID is used as part of the issuer value if the issuer configuration attribute is not specified. The JwtBuilder API uses this ID to determine which builder configuration to use to construct JWTs.

issuer

string

An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components.

jti

boolean

false

Indicates whether to generate a unique id for the token.

jwkEnabled

boolean

false

Indicates whether to use JWK to sign the token.

keyAlias

string

A key alias name that is used to locate the private key for signing the token with an asymmetric algorithm.

keyStoreRef

A reference to top level keyStore element (string).

A keystore containing the private key necessary for signing the token with an asymmetric algorithm.

scope

string

scope.desc=Specify a white space separated list of OAuth scopes.

sharedKey

Reversably encoded password (string)

Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key.

signatureAlgorithm

  • HS256

  • RS256

RS256

Specifies the signature algorithm that will be used to sign the JWT token.
HS256
Use the HS256 signature algorithm to sign and verify tokens.
RS256
Use the RS256 signature algorithm to sign and verify tokens.

audiences

The trusted audience list to be included in the aud claim in the JSON web token.

claims

Specify a comma separated list of claims to include in the token.