JWT

Overview

The JWT node in n8n, when configured with the Default resource and the Verify operation, is used to verify the validity of a JSON Web Token (JWT) using a specified algorithm and secret or key. This is useful in workflows where you need to authenticate users, validate tokens received from external services, or ensure that data has not been tampered with.

Common scenarios:

  • Validating JWTs received from API requests before processing sensitive data.
  • Checking user authentication tokens in automation flows.
  • Ensuring tokens are still valid (not expired or not yet active).

Example use case:
A webhook receives a JWT as part of an HTTP request. Before proceeding, the workflow uses this node to verify the token's authenticity and claims, ensuring only authorized requests are processed.


Properties

| Name | Type | Meaning |
| --- | --- | --- |
| Algorithm | options | The cryptographic algorithm used to verify the token's signature (e.g., HS256, RS256, etc.). |
| Token | string | The JWT string to be verified. |
| Return Complete Token | boolean | If true, returns the full decoded token object (header, payload, signature); otherwise, just the payload. |
| Ignore Expiration | boolean | If true, skips validation of the exp (expiration) claim. |
| Ignore Not Before | boolean | If true, skips validation of the nbf (not before) claim. |
| Clock Tolerance | number | Number of seconds to allow for clock skew when checking nbf and exp claims. |

Output

  • If Return Complete Token is false:
    The output is the decoded JWT payload as a JSON object.

  • If Return Complete Token is true:
    The output is a JSON object containing:

    {
      "header": { /* JWT header fields */ },
      "payload": { /* JWT payload fields */ },
      "signature": "..." // JWT signature as a string
    }
    
  • If verification fails and "Continue On Fail" is enabled, the output will include an error field describing the failure.


Dependencies

  • External library: jsonwebtoken
  • Credentials: Requires a credential named jwtSecret in n8n, which must contain the appropriate secret, private key, or public key depending on the algorithm.
  • n8n configuration: No special environment variables required beyond the credential setup.

Troubleshooting

Common issues:

  • Invalid signature error:

    • Cause: The provided secret/key does not match the one used to sign the token, or the wrong algorithm is selected.
    • Solution: Double-check the secret/key and algorithm settings.
  • Token expired error:

    • Cause: The token's exp claim is in the past.
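    • Solution: Ensure tokens are refreshed before they expire, or enable "Ignore Expiration" if you want to bypass this check; with that option on, the node accepts tokens whose exp claim has already passed.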
  • Not Before error:

    • Cause: The token's nbf claim is in the future.
    • Solution: Enable "Ignore Not Before", or correct the system clocks or increase Clock Tolerance.
  • Malformed token error:

    • Cause: The input token is not a valid JWT string.
    • Solution: Ensure the token is correctly formatted.

Error handling:
If "Continue On Fail" is enabled, errors are included in the output under an error field; otherwise, the node will throw and stop the workflow.
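
How Ignore Expiration, Ignore Not Before and Clock Tolerance change the outcome of the Troubleshooting errors above, as an added example (not n8n's or jsonwebtoken's code). It is an HS256-only stand-in built on Node's crypto module; the function names, option names, error strings, secret and timestamps are assumptions made for the demo.

```javascript
// Added example: HS256-only stand-in for the Verify operation, using node:crypto.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed helper that mints sample tokens for the demo.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Option names are hypothetical; `now` (seconds) is injectable so results are repeatable.
function verifyHS256(token, secret, opts = {}) {
  const { ignoreExpiration = false, ignoreNotBefore = false, clockTolerance = 0,
    now = Math.floor(Date.now() / 1000) } = opts;
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, error: 'malformed token' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, error: 'malformed token' };
  }
  // Pin the algorithm: the token's own header never decides how it is checked.
  if (header?.alg !== 'HS256') return { ok: false, error: 'invalid algorithm' };
  const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, error: 'invalid signature' };
  }
  // Time claims are read only after the signature has been accepted.
  if (!ignoreNotBefore && typeof payload?.nbf === 'number' && payload.nbf > now + clockTolerance) {
    return { ok: false, error: 'not before' };
  }
  if (!ignoreExpiration && typeof payload?.exp === 'number' && now >= payload.exp + clockTolerance) {
    return { ok: false, error: 'token expired' };
  }
  return { ok: true, payload };
}

// Constructed sample data: secret, claims and clock are made up for the demo.
const NOW = 1700000000;
const SECRET = 'demo-secret-not-for-production';
const expired = signHS256({ sub: 'user-1', exp: NOW - 30 }, SECRET);
const future = signHS256({ sub: 'user-1', nbf: NOW + 30 }, SECRET);
```

With the sample clock, the token that expired 30 seconds ago is rejected by default and accepted with a 60-second tolerance or with expiration ignored; a wrong secret fails on the signature before any time claim is examined.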

