A JSON Web Token (JWT) is encoded JSON data that contains a number of claims. In ReadyAPI, you can send JWT assertions to the authorization server to identify a client. You can send a JWT assertion when obtaining an access token by using the JWT Profile for Authorization Grants. Also, you can include a JWT assertion when using the Authorization Code, Resource Owner Password Credentials or Client Credentials grant. This topic describes how to generate a JSON Web Token in ReadyAPI.
|Note:||Assertion in this case is a term used in OAuth 2.0. Do not confuse it with assertions you use in ReadyAPI to verify responses and requests.|
To generate a JSON Web Token, click the Generate JWT button when configuring a request for an access token. If you use the Authorization Code, Resource Owner Password Credentials or Client Credentials grant, you need to select Apply Client JWT Assertion first:
Generate JSON Web Token Dialog
In the Generate JSON Web Token dialog, you specify how to encode the JSON Web Token and configure the content of the token.
|Sign Algorithm||The algorithm used to encode and sign the JWT. It is possible to use the RS256 or HS256 algorithm. In order not to use the encoding algorithm, select None.|
|Keystore||Keystore that is used for generating tokens. To add the needed keystore, use the Keystores tab of the WS-Security configuration dialog.|
|Alias||The alias to use when generating a token.|
|Alias password||The password used along with the alias.|
|JWT Header||The header part of the JSON Web Token. Using the property toolbar, you can add, remove and sort properties, load and save property values or clear them.
The header part contains information on how the JWT is encrypted. Usually, it consists of two elements:
Also, the header may contain additional elements.
|JWT Payload||The payload part of the JSON Web Token. This part contains the claim that will be included in the JWT.
The JWT payload contains a number of claims that you send to the authorization server within the generated JWT. The list below contains some of the possible claims: