Overview
This node allows you to create and sign JSON Web Tokens (JWTs). It is useful when you need to generate JWTs for authentication, authorization, or secure data exchange in your workflows. For example, you can use it to issue tokens that grant access to APIs, services, or resources by embedding claims such as user identity, issuer, audience, and expiration time.
The "Sign" operation supports building the JWT payload either from a raw JSON object or from individual standard and custom claims, then signs the token using a cryptographic key.
Properties
| Name | Meaning |
|---|---|
| Payload | Choose how to build the JWT payload: - JSON: Provide the entire payload as a JSON object. - Claims: Build payload from individual claims. |
| JSON Payload | The JWT payload as a JSON object (used if Payload = JSON). |
| Claims | Define individual claims if Payload = Claims: - Standard Claims: subject (sub), issuer (iss), audience (aud), expiresIn, notBefore, JWT ID (jti). - Custom Claims: Add any number of custom key-value pairs as additional claims. |
| Options | Additional options: - Include Issued At: Whether to include the iat (issued at) claim (default true).- Pass Through: Whether to pass through the original input data along with the output (default true). |
Output
The node outputs a JSON object containing:
token: The signed JWT string.payload: The payload object used to create the token.algorithm: The algorithm used for signing the token.
If "Pass Through" is enabled, the original input data is also included under originalData.
Dependencies
- Requires an API key credential that provides the signing key material. This key can be:
- A passphrase (secret string).
- A PEM-encoded private key.
- A JWK (JSON Web Key).
- Uses the
joselibrary internally for JWT creation and signing. - The signing algorithm and key type must be compatible.
Troubleshooting
- Unsupported key type error: Occurs if the provided key credential is not one of the supported types (passphrase, PEM key, JWK). Ensure your credential matches one of these formats.
- Invalid JSON payload: If the JSON payload is malformed, parsing will fail. Verify the JSON syntax.
- Missing required claims: When building claims manually, ensure all necessary claims are provided according to your use case.
- Signing failures: Check that the signing algorithm matches the key type and that the key is valid.
- Token verification errors downstream: Make sure the token's claims like
exp,nbf, andiatare set correctly and that the token is signed with the expected algorithm and key.
Links and References
- JWT Introduction
- RFC 7519 - JSON Web Token (JWT)
- jose Library on GitHub - Used internally for JWT operations