Skip to Content

Plugin GenerateJwtPlugin


Generates a JSON Web Token (JWT) for each row returned by the Filter event.


The GenerateJwtPlugin is an action plugin for a table-level event. It must be registered on the intrinsic Filter event. Because the plugin alters the behavior of the Filter event, it should be registered on a business object, not a physical table.


Column Required Direction Description
Issuer Yes In JWT issuer (iss) claim.
Audience Yes In JWT audience (aud) claim.
Lifetime No In JWT lifetime in seconds. Used to calculate the JWT expiration (exp) claim. Defaults to 120.
Algorithm No In JWT algorithm. Defaults to RS256.
SigningKey Yes In JWT signing key. Expects PEM-encoded, RSA private key.
Subject Yes In JWT subject (sub) claim.
JwtId No In JWT ID (jti) claim.
Jwt No Out Generated JWT.
UserName No In JWT peferred user name (preferred_username) claim.
FullName No In JWT name (name) claim.
DisplayName No In JWT nick name (nickname) claim.
PhoneNumber No In JWT phone number (phone_number) claim.
TimeZone No In JWT time zone (zoneinfo) claim.
Locale No In JWT locale (locale) claim.
Groups No In JWT groups (groups) claim.


The issued at (iat) claim is set automatically.

Generated JWTs are compatible with the Vinyl JWT SSO security provider.

The only algorithm currently supported is the RS256 algorithm.


The GenerateJwtPlugin can be used to integrate with third-party systems. The developer might add a button to a page that invokes an event before following a link. Clicking the link invokes the event, generating the JWT which is then substituted into the external link.