JWT Validate
On this Page
Snap type: | Flow | ||||||
---|---|---|---|---|---|---|---|
Description: | This Snap validates JSON Web Tokens. Together with JWT Validate Snap, this Snap allows pipelines to use limited scope tokens. This Snap verifies:
Input & Output
| ||||||
Prerequisites: | [None] | ||||||
Limitations and Known Issues: |
| ||||||
Configurations: | Account & AccessThis Snap uses account references created on the JWT Validate page of SnapLogic Manager to handle access to this endpoint. See JWT Account for information on setting up this type of account. Views
| ||||||
Troubleshooting: | [None] | ||||||
Settings | |||||||
Label | Required. The name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline. | ||||||
Audience | The asset that the token should be valid for. It can be a string or list of strings. If a single value is specified, it must match the "audience" value in the JWT token for the validation to succeed. If a list of values is specified, at least one the values specified in this property should match at least one of the values in the token. Default value: pipe.projectPath | ||||||
Access token | Required. The token to validate. Default value: [None] | ||||||
Snap Execution | Select one of the following three modes in which the Snap executes:
Default Value:Â Execute only |
Examples
Basic Use Case
The pipeline below shows a standalone JWT Validate Snap (it contains a hardcoded token for demo purposes).Â
Note that:
- The Audience property is set to a string value of "sales". This means that the JWT must contain an "audience" claim, and one of those values must be "sales".
- The Access token property refers to pipeline parameter (_access_token).
- The preview shows the output when a JWT has been successfully validated and the token has been decoded.
Â
Typical Snap Configurations
The Access token parameter must always be present. Since it is an expression, it can refer to pipeline parameter, input document parameter or a plain string.
The Audience parameter is optional. If left empty, the Snap will not perform any checks against the "audience" parameter in the token (It'll still check for a valid token signature and expiration).
Advanced Use Case
This Snap can be used at the start of a pipeline to limit access. By configuring the "audience" parameter, the pipeline will only allow calls with access token that contains that "audience" parameter.
Following on from the Advanced Use Case in JWT Generate Snap documentation, let us assume that we want to allow calls associated with "sales" department only. Further, let us assume that we only want to allow calls when "age" is greater than 21.
- The JWT Validate Snap is configured as shown in the "Typical Snap Configuration" section above.
- If a token was generated for a different audience (for e.g. "Engineering"), then the Snap validation fails.
- With a valid token, the Validation succeeds and the contents of the decoded JWT are written to the output document.
- The next step after JWT Validate can perform further filtering or validation. In this example, we configure a Filter snap to only pass calls with an "age" value of greater than 21.
Downloads
Important steps to successfully reuse Pipelines
You'll need to create a Configuring JWT Accounts to use for this sample. Use the attached jwt-keystore.jks file to create one.
(The keystore was created using keytool for demo purposes. It contains one symmetric key with alias: jwt password: jwtpasswd)
Snap Pack History
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.