Overview
The JWT node in n8n allows you to create (sign), verify, and decode JSON Web Tokens (JWTs).
For the Default → Sign operation, this node generates a JWT using the specified algorithm and claims. This is useful for authentication, authorization, or securely transmitting information between parties as a JSON object.
Common scenarios:
- Generating tokens for API authentication.
- Creating signed tokens for single sign-on (SSO) systems.
- Issuing custom tokens for secure communication between microservices.
Example:
You can use this node to generate a JWT with specific claims (like user ID, expiration time, etc.) that your backend or third-party service will accept for authentication.
Properties
| Name | Type | Meaning |
|---|---|---|
| Algorithm | options | The cryptographic algorithm used to sign the token (e.g., HS256, RS256, ES256, etc.). |
| Advanced Claim Builder | boolean | Enables advanced mode to input claims as raw JSON instead of using individual fields. |
| Claims | collection | Standard JWT claims (audience, expiresIn, issuer, jwtid, notBefore, subject) as key-value pairs. Used if Advanced Claim Builder is off. |
| Claims | json | Raw JSON object containing all claims. Used if Advanced Claim Builder is on. |
Output
- The output is an object with a single field:
token: The generated JWT string.
Example output:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Dependencies
- External library: jsonwebtoken
- Credentials: Requires n8n credentials named
jwtSecretwith one of the following:- Secret (for HMAC algorithms)
- Private Key (for RSA/ECDSA algorithms)
- Public Key (for verification, not signing)
- Passphrase (if private key is encrypted)
Troubleshooting
Common issues:
- Invalid or missing secret/key: Ensure the correct secret or private key is provided in the credentials.
- Algorithm mismatch: The selected algorithm must match the type of key/secret provided.
- Malformed claims JSON: If using Advanced Claim Builder, ensure the JSON is valid.
- Error messages:
"invalid algorithm": Check that the algorithm matches your key type."secret or private key must be provided": Make sure credentials are set up correctly."jwt malformed": Input claims or configuration may be incorrect.
How to resolve:
- Double-check your credentials and algorithm selection.
- Validate your claims JSON before submitting.
- Use the standard claim builder if unsure about the JSON structure.