https://github.com/gravitee-io/gravitee-policy-generate-jwt

Gravitee Policy - Generate JWT

= Generate JWT policy

ifdef::env-github[]
image:https://img.shields.io/static/v1?label=Available%20at&message=Gravitee.io&color=1EC9D2["Gravitee.io", link="https://download.gravitee.io/#graviteeio-apim/plugins/policies/gravitee-policy-generate-jwt/"]
image:https://img.shields.io/badge/License-Apache%202.0-blue.svg["License", link="https://github.com/gravitee-io/gravitee-policy-generate-jwt/blob/master/LICENSE.txt"]
image:https://img.shields.io/badge/semantic--release-conventional%20commits-e10079?logo=semantic-release["Releases", link="https://github.com/gravitee-io/gravitee-policy-generate-jwt/releases"]
image:https://circleci.com/gh/gravitee-io/gravitee-policy-generate-jwt.svg?style=svg["CircleCI", link="https://circleci.com/gh/gravitee-io/gravitee-policy-generate-jwt"]
image:https://f.hubspotusercontent40.net/hubfs/7600448/gravitee-github-button.jpg["Join the community forum", link="https://community.gravitee.io?utm_source=readme", height=20]
endif::[]

== Phase

[cols="4*", options="header"]
|===
^|onRequest
^|onResponse
^|onRequestContent
^|onResponseContent

^.^| X
^.^| -
^.^| -
^.^| -

|===

== Description

You use the `generate-JWT` policy to generate a signed JWT with a configurable set of claims. This JWT can subsequently be forwarded
to backend targets, or used in some other way.

When a signed JWT is generated, it is put in the `jwt.generated` attribute of the request execution context.

== Compatibility with APIM

|===
| Plugin version | APIM version
| 1.5.x | 3.x
| 1.7.x+ | 4.0 to latest
|===

== Configuration

|===
|Property |Required |Description |Type |Default

.^|signature
^.^|X
|Signature algorithm used to sign the token
^.^|Algorithm
^.^|RS256

.^|kid
^.^|-
|Key ID (`kid`) to include in the JWT header
^.^|string
^.^|-

.^|id
^.^|-
|JWT ID (`jti`) claim, a unique identifier for the JWT
^.^|string
^.^|UUID

.^|audiences
^.^|-
|JWT audience claim; can be a string or an array of strings
^.^|List of strings
^.^|-

.^|issuer
^.^|-
|Claim that identifies the issuer of the JWT
^.^|string
^.^|-

.^|subject
^.^|-
|Claim that identifies or makes a statement about the subject of the JWT
^.^|string
^.^|-

|===

== Attributes

|===
|Name |Description

.^|jwt.generated
|JWT generated by the policy

|===

You can read the token using Expression Language:

[source]
----
{#context.attributes['jwt.generated']}
----

== Examples

[source, json]
----
"policy-generate-jwt": {
"signature":"RSA_RS256",
"expiresIn":30,
"expiresInUnit":"SECONDS",
"issuer":"urn://gravitee-api-gw",
"audiences":["graviteeam"],
"customClaims":[],
"id":"817c6cfa-6ae6-446e-a631-5ded215b404b",
"content":"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDg0MY5LcTnpM/N\nd9ohW/mls6CqF3PoVocwUpKSb324QFuSGvo5s2qzM1JkR2uNTS5lapGltF0Krc5j\nmUgKqVZUx3ie76ngvHTVrz9qNHe9znsTFndtpsaFZuNIiGT8X+eAYgqKUaoKA+3y\nNWynEmXL9ywtFtGommPO1iBwMYfbucuxBmwtklkzxCrFGftAsTJANy8T+CV61TpB\nP2LbFVngfT0uDgjfoG/KMSBUZR88YZNvEyj1mEDPvZPZD6vYUBlTMlWgAwAD+pUn\n6b/a1BsZ69mMvMzvOg9NhuwMLwGDwQ45Gh51Swnzk6a/Oamgpa/ehySfZkypJhPL\ndiutySELAgMBAAECggEBALjo/yFok9wzovfM7I0jqWKxLCS6xYsEII2OXSA0s6Mo\nzCiQJ9/twoVCYTI5zCycntyrmsBAaYavDmK9YJPkVC3HI18WoRNH7pETY4VnQlXL\nz08T24dE9WQkDC1MgkNSXocqHKFIKiOyt7PQXV3NtAzfcGZlrmyPECi/1k5xbt05\nmU1AaM0HAKP5kGmoANEWyaPhYSrShD3EQH8QEjPwrmua62e7kas7x5u5u01tFndv\nG1/rYlApvruwoczBdD3R8WQEdziFn09IcGZUnpBWDkPlEn62qLW8/3k+uF9An9dd\n1c0IoyNopefLvm9W4CXtzFEzJsre32BIutpj66EECAECgYEA+2GYTmd7lVAAMgj/\nMes+HNVqRtg5OiAggx6qvjhi+6hhMLeVKS8mqslMQXewHthbY0+PdyvKRCZnNURj\nUmeZxxk04kOJZqN5ak45NJ6T10PnlZ0vtf2Ym9Mmi4Q29Mzk9SCR9NtVuwRHhGmP\nzOPCXQCwFHeVkqzqkYHIji1ko0sCgYEA5PI5WkWFG/uAPxVZbQreyD1iRgTxEz8B\nn1XefxQ1IV8L5/n48XAgeK1NUbhr4jPSbXL98mX5/RdyCmZORdbPLDRqSVrRepQ3\nAXF82Xp2X9Py/Gn/pIZPXEW54ctnEiW8WVRD2XQ2df1sUq+H5gX/RraiI2O9/CyF\nixZkkC4tIUECgYEAw/lt15HtUpYv0NIawTv4DFqEo/5lft8U+aOq0Oj8ody/CE/W\nxWiw6GxOOquobiOV+3JHEkzdPwwBYhGSrOd/hywrgknMkGvZd/rLti36a9PQc187\nltHBa5nNbu8AORCTXlap8w4bY9UOPDhflwfousCShSJFRTfxFsbrJ4xT7MkCgYBQ\np8TsuHEcWo3jq3HFqH6zrGxinnsPfLLlnyqzOjs9dm6LWtUIuae229bRY1ceaYNI\na6prKuHW99uFLmWE1RhHSm/nR8dkl7KJH6IMO8hYGiMQKYeWPnrW1vmVQkMdcY3Z\nKoZ8pSRKjO0MdCo8LwCvuMeGEC1uGYEybsEeyiW8AQKBgBnkExWeD6KQQL9rrImq\nwhPqz9yuMpIsBtf93fDLXwmy/0VG9L6uDf/3MKl+RYs4PQGe+QQSmXTgqcbHr5ug\nNEFDDK0C9k0Gd0Zl/Z29H6vZWJH9E4ur/xZToeADc3sQT/Ga78LwF8s5EtOPuGVD\nOyCUoLQJgofJWKk2Tp5gKogB\n-----END PRIVATE KEY-----"
}
----

== Errors

=== HTTP status code

|===
|Code |Message

| `500`
| Unexpected error while creating and signing the token

|===