This Snap validates JSON Web Tokens. Together with JWT Validate Snap, this Snap allows pipelines to use limited scope tokens.
This Snap verifies:
The token signature (by using the secret or trusted certificate a with public key from the associated JWTAccount) and the algorithm specified in token header.
If the token is still valid or if it has expired.
If the "audience" property is specified, the audience in the token payload will be compared with the snap property, and the validation will only succeed if at least one of the values match.
Input & Output
Input: This Snap can have an upstream Snap that passes in the access token. Alternatively, this Snap could be the first Snap in a pipeline and receive the token in an HTTP Header or HTTP Request body.
Output: If the validation succeeds, this Snap outputs a document that contains all the claims found in the token. The downstream Snap could take this information and do additional validation or filtering.
Since triggered and scheduled tasks do not support custom HTTP headers, the token should be passed in the request body for those types of tasks.
This Snap has been tested with tokens generated using the JWT Validate Snap.
Validating tokens generated using other methods has not been tested.
Configurations:
Account & Access
This Snap uses account references created on the JWT Validate page of SnapLogic Manager to handle access to this endpoint. See JWT Account for information on setting up this type of account.
Views
Input
This Snap has at most one document input view.
Output
This Snap has exactly one document output view.
Error
This Snap has at most one document error view and produces zero or more documents in the view.
Troubleshooting:
[None]
Settings
Label
Required. The name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline.
Audience
The asset that the token should be valid for. It can be a string or list of strings. If a single value is specified, it must match the "audience" value in the JWT token for the validation to succeed. If a list of values is specified, at least one the values specified in this property should match at least one of the values in the token.
The pipeline below shows a standalone JWT Validate Snap (it contains a hardcoded token for demo purposes).
Note that:
The Audience property is set to a string value of "sales". This means that the JWT must contain an "audience" claim, and one of those values must be "sales".
The Access token property refers to pipeline parameter (_access_token).
The preview shows the output when a JWT has been successfully validated and the token has been decoded.
Typical Snap Configurations
The Access token parameter must always be present. Since it is an expression, it can refer to pipeline parameter, input document parameter or a plain string.
The Audience parameter is optional. If left empty, the Snap will not perform any checks against the "audience" parameter in the token (It'll still check for a valid token signature and expiration).
Advanced Use Case
This Snap can be used at the start of a pipeline to limit access. By configuring the "audience" parameter, the pipeline will only allow calls with access token that contains that "audience" parameter.
Following on from the Advanced Use Case in JWT Generate Snap documentation, let us assume that we want to allow calls associated with "sales" department only. Further, let us assume that we only want to allow calls when "age" is greater than 21.
The JWT Validate Snap is configured as shown in the "Typical Snap Configuration" section above.
If a token was generated for a different audience (for e.g. "Engineering"), then the Snap validation fails.
With a valid token, the Validation succeeds and the contents of the decoded JWT are written to the output document.
The next step after JWT Validate can perform further filtering or validation. In this example, we configure a Filter snap to only pass calls with an "age" value of greater than 21.
Downloads
You'll need to create a Configuring JWT Accounts to use for this sample. Use the attached jwt-keystore.jks file to create one.
(The keystore was created using keytool for demo purposes. It contains one symmetric key with alias: jwt password: jwtpasswd)
File
Modified
You are not logged in. Any changes you make will be marked as anonymous.
You may want to Log In if you already have an account.
Updated and certified against the current SnapLogic Platform release.
February 2024
436patches25733
Latest
Enhanced the JWT Account to support Secret key authentication.
February 2024
main25112
Stable
Updated and certified against the current SnapLogic Platform release.
November 2023
main23721
Stable
Updated and certified against the current SnapLogic Platform release.
August 2023
main22460
Stable
Updated and certified against the current SnapLogic Platform release.
May 2023
main21015
Stable
Upgraded with the latest SnapLogic Platform release.
February 2023
main19844
Stable
Upgraded with the latest SnapLogic Platform release.
November 2022
431patches19481
Latest
The JWT Generate Snap includes the following new fields:
Issued At Epoch, Not Before Epoch, and Expiration Epoch enable you to specify the custom instants in milliseconds for generating JSON Web Token (JWT).
Skip Key ID for removing the Key ID parameterfrom the JWT when selected. Some APIs (such as Bloomberg) do not accept Key IDs; this option is useful for such APIs.
November 2022
main18944
Stable
Upgraded with the latest SnapLogic Platform release.
August 2022
main17386
Stable
Upgraded with the latest SnapLogic Platform release.
4.29
main15993
Stable
Upgraded with the latest SnapLogic Platform release.
4.28 Patch
428patches15200
Latest
Enhanced the JWT Generate Snap to include the typ field in the JWT Header of the JWT token.
4.28
main14627
Stable
Upgraded with the latest SnapLogic Platform release.
4.27
main12833
Stable
Upgraded with the latest SnapLogic Platform release.
4.26
main11181
Stable
Upgraded with the latest SnapLogic Platform release.
4.25
main9554
Stable
Upgraded with the latest SnapLogic Platform release.
4.24
main8556
Stable
Upgraded with the latest SnapLogic Platform release.
4.23
main7430
Stable
Upgraded with the latest SnapLogic Platform release.
4.22
main6403
Stable
Upgraded with the latest SnapLogic Platform release.
4.21
snapsmrc542
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.20
snaprsmrc528
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.19
snaprsmrc528
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.18
snapsmrc523
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.17 Patch
ALL7402
-
Stable
Pushed automatic rebuild of the latest version of each Snap Pack to SnapLogic UAT and Elastic servers.
4.16
snapsmrc508
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.15
snapsmrc500
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.14
snapsmrc490
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.13
snapsmrc486
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.12
snapsmrc480
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.11
snapsmrc465
-
Stable
Upgraded with the latest SnapLogic Platform release.
4.10
-
Stable
Introduced in this release. Snap Pack contains JWT Generate and JWT Validate.
