Plugin GenerateJwtPlugin¶
Summary¶
Generates a JSON Web Token (JWT) for each row returned by the Filter event.
Registration¶
The GenerateJwtPlugin is an action plugin for a table-level event. It must be registered on the intrinsic Filter event. Because the plugin alters the behavior of the Filter event, it should be registered on a business object, not a physical table.
Columns¶
| Column | Required | Direction | Description |
|---|---|---|---|
| Issuer | Yes | In | JWT issuer (iss) claim. |
| Audience | Yes | In | JWT audience (aud) claim. |
| Lifetime | No | In | JWT lifetime in seconds. Used to calculate the JWT expiration (exp) claim. Defaults to 120. |
| Algorithm | No | In | JWT algorithm. Defaults to RS256. |
| SigningKey | Yes | In | JWT signing key. Expects PEM-encoded, RSA private key. |
| Subject | Yes | In | JWT subject (sub) claim. |
| JwtId | No | In | JWT ID (jti) claim. |
| Jwt | No | Out | Generated JWT. |
| UserName | No | In | JWT peferred user name (preferred_username) claim. |
| FullName | No | In | JWT name (name) claim. |
| DisplayName | No | In | JWT nick name (nickname) claim. |
| PhoneNumber | No | In | JWT phone number (phone_number) claim. |
| TimeZone | No | In | JWT time zone (zoneinfo) claim. |
| Locale | No | In | JWT locale (locale) claim. |
| Groups | No | In | JWT groups (groups) claim. |
Remarks¶
The issued at (iat) claim is set automatically.
Generated JWTs are compatible with the Vinyl JWT SSO security provider.
The only algorithm currently supported is the RS256 algorithm.
Usage¶
The GenerateJwtPlugin can be used to integrate with third-party systems. The developer might add a button to a page that invokes an event before following a link. Clicking the link invokes the event, generating the JWT which is then substituted into the external link.