#6024 #6072

Merged
merged 1 commit into from
Dec 5, 2022
39 changes: 37 additions & 2 deletions modules/reference/pages/feature/jwt/examples.adoc
@@ -1,8 +1,43 @@
== Examples

=== Construct JWT for an application
=== Configure the JWT consumer
The following example shows how to configure the server for constructing a JSON Web Token (JWT) for an application.
When you add the jwt-1.0 feature and save your changes, Open Liberty adds the following default jwtConsumer element.
[source, xml]
----
<jwtConsumer id="defaultJWTConsumer">
</jwtConsumer>

In this default configuration, the following values are assumed.
The alg header of the consumed JWT is RS256. You can configure this value on the signatureAlgorithm attribute.
A JWT is considered to be valid within 5 minutes of the exp, nbf, and iat claims. You can configure this value on the clockSkew attribute.
You can reconfigure this default jwtConsumer element, or create one or more other jwtConsumer elements. Each jwtConsumer element must have a unique, URL-safe string specified as the id attribute. If the ID is missing, the jwtConsumer is not processed.

For JWT tokens that are signed with RS256 and an X.509 certificate, you must configure the trustStoreRef and trustAliasName attributes so that you can locate the signature verification key.
Import the JWT issuer's X.509 certificate into the truststore.
In the jwtConsumer element, specify the truststore ID and the certificate alias.
[source, xml]
----
<jwtConsumer id="defaultJWTConsumer">
</jwtConsumer>

The following example shows how to configure the server to construct a JSON Web Token (JWT) for an application:
==== Verify and parse JWT tokens in your application
The following example shows how to programmatically verify and parse JWT tokens by implementing the com.ibm.websphere.security.jwt.JwtConsumer and com.ibm.websphere.security.jwt.JwtToken APIs in your application.

Create a JwtConsumer object. If you do not specify a configuration ID, the object is tied to the default jwtConsumer configuration.
[source, xml]
----
com.ibm.websphere.security.jwt.JwtConsumer jwtConsumer = JwtConsumer.create();

If you specify a configuration ID, the object is tied to the jwtConsumer configuration with the specified ID.
[source, xml]
----
com.ibm.websphere.security.jwt.JwtConsumer jwtConsumer = JwtConsumer.create("jwtConsumer_configuration_id");

Verify and parse a JWT token by implementing the com.ibm.websphere.security.jwt.JwtToken API.
[source, xml]
----
JwtToken jwtToken = jwtConsumer.createJwt("Base64_encoded_JWT_token>");

[source, xml]
----
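Review bot: The truststore example placed after "In the jwtConsumer element, specify the truststore ID and the certificate alias." shows an element identical to the default one, `<jwtConsumer id="defaultJWTConsumer">`, with neither trustStoreRef nor trustAliasName set, so the reader never sees how the signature verification key is wired up; add both attributes with placeholder values to that block. Under "Verify and parse JWT tokens in your application", the three Java statements are tagged `[source, xml]` and should be tagged as Java, and the argument in `jwtConsumer.createJwt("Base64_encoded_JWT_token>")` has a stray `>` before the closing quote. The prose there also says the application is "implementing" the JwtConsumer and JwtToken APIs, while the snippets only call `JwtConsumer.create()` and `createJwt()`; "using" would match the code.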