Overview
This node provides functionality to work with JSON Web Tokens (JWTs). It supports three main operations: signing a payload to create a JWT, verifying the authenticity and validity of a JWT, and decoding a JWT to inspect its contents without verification.
Common scenarios where this node is useful include:
- Generating signed tokens for authentication or authorization in APIs.
- Validating incoming JWTs to ensure they are valid and unaltered.
- Extracting claims from JWTs for processing or decision-making.
For example, you can use it to sign user information into a token that clients can present later, verify tokens received from clients to authenticate requests, or decode tokens to read embedded data.
Properties
| Name | Meaning |
|---|---|
| Algorithm | The cryptographic algorithm used for signing or verifying the JWT. Options: ES256, ES384, ES512, HS256, HS384, HS512, PS256, PS384, PS512, RS256, RS384, RS512. |
| Advanced Claim Builder | When enabled, allows specifying JWT claims as a raw JSON object for more complex claim structures. |
| Claims | A collection of standard JWT claims to include when signing the token (used if Advanced Claim Builder is disabled): Audience, Expires In (token lifetime in seconds), Issuer, JWT ID, Not Before (time before which token is invalid), Subject. |
| Claims (JSON) | Raw JSON input of claims to add to the token (used if Advanced Claim Builder is enabled). |
Output
The node outputs an array of items corresponding to each input item processed:
For the Sign operation, the output contains a
jsonfield with a single property:token: The signed JWT string.
For the Verify operation, the output's
jsonfield contains the decoded and verified JWT payload or the complete token structure if requested.For the Decode operation, the output's
jsonfield contains the decoded JWT payload or full token details without verification.
No binary data is produced by this node.
Dependencies
- Requires an API key credential containing a secret or key material used for signing and verifying JWTs.
- Uses the
jsonwebtokenlibrary internally for JWT operations. - May require proper formatting of keys depending on the key type (private/public/passphrase).
Troubleshooting
- Invalid Signature Errors: Occur if the provided key or passphrase does not match the one used to sign the token. Ensure the correct secret or key is configured.
- Token Expired Errors: If token expiration validation fails, check the "Ignore Expiration" option or adjust the token lifetime.
- Malformed Token Errors: Can happen if the token string is corrupted or incomplete. Verify the token source.
- Unsupported Algorithm Errors: Make sure the selected algorithm matches the key type and is supported by the underlying library.
- Claims Format Issues: When using advanced claim builder, ensure the JSON is well-formed and valid.
If errors occur, enabling "Continue On Fail" can help process multiple items without stopping the workflow.