# jwt (plugins.jwt) ## Overview The `JWT` plugin facilitates operations involving JSON Web Tokens, such as creating, signing, and verifying tokens. It provides various algorithms, including `SHA256`, `SHA384`, and `SHA512` in combination with `ECDSA` or `RSA`, allowing flexible cryptographic operations. These algorithms can be configured with public and private keys for signing and verification, or with shared secrets for symmetric encryption. Developers can use the `builder()` method to create tokens dynamically by specifying payloads and signing them with a chosen algorithm. Alternatively, simplified methods are available, like `create(payload)` or `create(payload, expiresAt)`, which use pre-configured `HmacSHA256` algorithms and shared secret keys for signing. Token verification can be performed using `verify(token)` for default algorithms or `verify(token, algorithm)` for custom cryptographic configurations. The plugin also supports building algorithms based on external JSON Web Key Sets (JWKS) using the `JWK(url)` method. These features collectively enable robust and secure token-based authentication systems. ## Properties | Property | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | | `jwt.secret.password` | Shared secret, used to sign and verify the JWT tokens. Should be the same on all servers that want to sign or verify the same tokens. | ## **Returned Types** [JWTClaims](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/jwtclaims), ## Methods Summarized | Type | Name | Summary | | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------- | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES256(publicKey)](#es256-publickey) | Builder to create a new Algorithm instance using SHA256withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES256(publicKey, privateKey)](#es256-publickey-privatekey) | Builder to create a new Algorithm instance using SHA256withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES256(publicKey)](#es256-publickey) | Builder to create a new Algorithm instance using SHA256withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES256(publicKey, privateKey)](#es256-publickey-privatekey) | Builder to create a new Algorithm instance using SHA256withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES384(publicKey)](#es384-publickey) | Builder to create a new Algorithm instance using SHA384withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES384(publicKey, privateKey)](#es384-publickey-privatekey) | Builder to create a new Algorithm instance using SHA384withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES384(publicKey)](#es384-publickey) | Builder to create a new Algorithm instance using SHA384withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES384(publicKey, privateKey)](#es384-publickey-privatekey) | Builder to create a new Algorithm instance using SHA384withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES512(publicKey)](#es512-publickey) | Builder to create a new Algorithm instance using SHA512withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES512(publicKey, privateKey)](#es512-publickey-privatekey) | Builder to create a new Algorithm instance using SHA512withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES512(publicKey)](#es512-publickey) | Builder to create a new Algorithm instance using SHA512withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [ES512(publicKey, privateKey)](#es512-publickey-privatekey) | Builder to create a new Algorithm instance using SHA512withECDSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS256()](#hs256) | Create a new Algorithm instance using HmacSHA256. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS256(password)](#hs256-password) | Create a new HmacSHA256 Algorithm using the specified password. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS384()](#hs384) | Create a new Algorithm instance using HmacSHA384. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS384(password)](#hs384-password) | Create a new HmacSHA384 Algorithm using the specified password. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS512()](#hs512) | Create a new Algorithm instance using HmacSHA512. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [HS512(password)](#hs512-password) | Create a new Algorithm instance using HmacSHA512. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [JWK(url)](#jwk-url) | Builder to create an algorithm instance based on a Json Web Key Set (JWKS) url. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA256(publicKey)](#rsa256-publickey) | Builder to create a new Algorithm instance using SHA256withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA256(publicKey, privateKey)](#rsa256-publickey-privatekey) | Builder to create a new Algorithm instance using SHA256withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA256(publicKey)](#rsa256-publickey) | Builder to create a new Algorithm instance using SHA256withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA256(publicKey, privateKey)](#rsa256-publickey-privatekey) | Builder to create a new Algorithm instance using SHA256withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA384(publicKey)](#rsa384-publickey) | Builder to create a new Algorithm instance using SHA384withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA384(publicKey, privateKey)](#rsa384-publickey-privatekey) | Builder to create a new Algorithm instance using SHA384withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA384(publicKey)](#rsa384-publickey) | Builder to create a new Algorithm instance using SHA384withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA384(publicKey, privateKey)](#rsa384-publickey-privatekey) | Builder to create a new Algorithm instance using SHA384withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA512(publicKey)](#rsa512-publickey) | Builder to create a new Algorithm instance using SHA512withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA512(publicKey, privateKey)](#rsa512-publickey-privatekey) | Builder to create a new Algorithm instance using SHA512withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA512(publicKey)](#rsa512-publickey) | Builder to create a new Algorithm instance using SHA512withRSA. | | [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) | [RSA512(publicKey, privateKey)](#rsa512-publickey-privatekey) | Builder to create a new Algorithm instance using SHA512withRSA. | | [Builder](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/builder) | [builder()](#builder) | Returns a JSON Web Token token builder. | | [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) | [create(payload)](#create-payload) | Create a JSON Web Token for the given payload that is signed with the (shared) secret key 'jwt. | | [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) | [create(payload, expiresAt)](#create-payload-expiresat) | Create a JSON Web Token for the given payload that is signed with the HS256 algorithm and the (shared) secret key 'jwt. | | [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) | [verify(token)](#verify-token) | Verify a JSON Web Token with the HS256 algorithm and the (shared) secret key 'jwt. | | [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) | [verify(token, algorithm)](#verify-token-algorithm) | Verify a JSON Web Token with a specific algorithm. | | [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) | [verify(token, algorithm, acceptNotBefore)](#verify-token-algorithm-acceptnotbefore) | Verify a JSON Web Token with a specific algorithm. | ## Methods Detailed ### ES256(publicKey) Builder to create a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. ### ES256(publicKey, privateKey) Builder to create a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### ES256(publicKey) Builder to create a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES256('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....') .kid('2X9R4H....') ``` ### ES256(publicKey, privateKey) Builder to create a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens)\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES256.publicKey('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....', 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wa...') .kid('2X9R4H....') ``` ### ES384(publicKey) Builder to create a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. ### ES384(publicKey, privateKey) Builder to create a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### ES384(publicKey) Builder to create a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES384('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....') .kid('2X9R4H....') ``` ### ES384(publicKey, privateKey) Builder to create a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens)\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES384.publicKey('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....', 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wa...') .kid('2X9R4H....') ``` ### ES512(publicKey) Builder to create a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. ### ES512(publicKey, privateKey) Builder to create a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### ES512(publicKey) Builder to create a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm builder used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES512('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....') .kid('2X9R4H....') ``` ### ES512(publicKey, privateKey) Builder to create a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens)\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.ES512.publicKey('MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEV....', 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wa...') .kid('2X9R4H....') ``` ### HS256() Create a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".\ The password used to configure the algorithm is the (shared) secret key 'jwt.secret.password' that has to be configured on the admin page for this plugin. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.HS256() ``` ### HS256(password) Create a new HmacSHA256 Algorithm using the specified password. Tokens specify this as "HS256". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **password** the secret used to encrypt and decrypt the tokens **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### HS384() Create a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".\ The password used to configure the algorithm is the (shared) secret key 'jwt.secret.password' that has to be configured on the admin page for this plugin. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.HS384() ``` ### HS384(password) Create a new HmacSHA384 Algorithm using the specified password. Tokens specify this as "HS384". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **password** the secret used to encrypt and decrypt the tokens **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.HS384('your secret password.....') ``` ### HS512() Create a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".\ The password used to configure the algorithm is the (shared) secret key 'jwt.secret.password' that has to be configured on the admin page for this plugin. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.HS512.secret() ``` ### HS512(password) Create a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **password** the secret used to encrypt and decrypt the tokens **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.HS512.secret('your secret password.....') ``` ### JWK(url) Builder to create an algorithm instance based on a Json Web Key Set (JWKS) url.\ Please note that the returned algorithm can only be used to verify tokens. **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **url** the jwks url **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm which can only be used to VERIFY Json Web Tokens. **Sample** ```js var alg = plugins.jwt.JWK('https://....') var verified = plugins.jwt.verify(token, alg) ``` ### RSA256(publicKey) Builder to create a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify Json Web Tokens. ### RSA256(publicKey, privateKey) Builder to create a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify Json Web Tokens. ### RSA256(publicKey) Builder to create a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify Json Web Tokens. **Sample** ```js plugins.jwt.RSA256('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...') .kid('2X9R4H....') ``` ### RSA256(publicKey, privateKey) Builder to create a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens).\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify Json Web Tokens. **Sample** ```js plugins.jwt.RSA256('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...', 'MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvB...') .kid('2X9R4H....') ``` ### RSA384(publicKey) Builder to create a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### RSA384(publicKey, privateKey) Builder to create a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### RSA384(publicKey) Builder to create a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.RSA384('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...') .kid('2X9R4H....') ``` ### RSA384(publicKey, privateKey) Builder to create a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens)\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.RSA384.publicKey('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...', 'MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvB...') .kid('2X9R4H....') ``` ### RSA512(publicKey) Builder to create a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### RSA512(publicKey, privateKey) Builder to create a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". **Parameters** * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **publicKey** a byte array representing the publicKey (mostly used to verify tokens) * [Array](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/array) **privateKey** a byte array representing the privateKey (mostly used to create tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. ### RSA512(publicKey) Builder to create a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.RSA512('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...') .kid('2X9R4H....') ``` ### RSA512(publicKey, privateKey) Builder to create a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **publicKey** a String representing the publicKey (mostly used to verify tokens) * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **privateKey** a String representing the privateKey (mostly used to create tokens)\ The private key is assumed to be encoded according to the PKCS #8 standard. **Returns:** [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) an algorithm used to sign or verify JSON Web Tokens. **Sample** ```js plugins.jwt.RSA512('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis...','MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvB...') .kid('2X9R4H....') ``` ### builder() Returns a JSON Web Token token builder. **Returns:** [Builder](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/builder) an object which creates a jwt token. **Sample** ```js var algorithm = plugins.jwt.ES256(publicKey, privateKey); var token = plugins.jwt.builder() .payload({'some': 'data', 'somemore': 'data2'}) .sign(algorithm); if (token != null) { //success application.output(token); } else { application.output('Could not create a token.'); } var verified = plugins.jwt.verify(token, algorithm); if (verified != null) { //success application.output(verified); } else { application.output('The token is not valid.'); } ``` ### create(payload) Create a JSON Web Token for the given payload that is signed with the (shared) secret key 'jwt.secret.password'.\ The 'jwt.secret.password' plugin property has to be configured on the admin page.\ The payload can be for example a user:username of the current user, so that with this token if it verifies with the same secret key you can assume it is the same user that wants to login.\ This is a shorthand method of the #builder() method with a HS256 algorithm. **Parameters** * [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) **payload** a json containing the data,\ e.g. {'some': 'data', 'somemore': 'data2'} **Returns:** [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) a string representing the encrypted data\ or null if the token cannot be generated ### create(payload, expiresAt) Create a JSON Web Token for the given payload that is signed with the HS256 algorithm and the (shared) secret key 'jwt.secret.password'.\ The 'jwt.secret.password' plugin property has to be configured on the admin page.\ The payload can be for example a user:username of the current user, so that with this token if it verifies with the same secret key you can assume it is the same user that wants to login.\ The expiresAt makes sure this token is only valid until that date.\ This is a shorthand method of the #builder() method with a HS256 algorithm. **Parameters** * [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) **payload** a json containing the data,\ e.g. {'some': 'data', 'somemore': 'data2'} * [Date](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/date) **expiresAt** the date when the created token expires,\ after the expired date the token won't be verified **Returns:** [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) a string representing the encrypted data\ or null if the token cannot be generated ### verify(token) Verify a JSON Web Token with the HS256 algorithm and the (shared) secret key 'jwt.secret.password'.\ The 'jwt.secret.password' plugin property has to be configured on the admin page.\ This will only verify and return the payload that was given if the token was created with the HS256 algorithm and the 'jwt.secret.password'.\ Will also return null if the token passed its expire date. **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **token** a JSON Web Token **Returns:** [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) the payload or null if the token can't be verified ### verify(token, algorithm) Verify a JSON Web Token with a specific algorithm.\ The token could be external or created with the #builder() method. This will only verify and return the payload that was given if the token could be verified with the provided algorithm.\ Will also return null if the token passed its expire date. **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **token** a JSON Web Token * [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) **algorithm** an algorithm used to verify the signature **Returns:** [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) the payload or null if the token can't be verified ### verify(token, algorithm, acceptNotBefore) Verify a JSON Web Token with a specific algorithm.\ The token could be external or created with the #builder() method. This will only verify and return the payload that was given if the token could be verified with the provided algorithm.\ Will also return null if the token passed its expire date. **Parameters** * [String](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/string) **token** a JSON Web Token * [Algorithm](https://docs.servoy.com/reference/servoyextensions/server-plugins/jwt/algorithm) **algorithm** an algorithm used to verify the signature * [Number](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/number) **acceptNotBefore** a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.\ Not Before Date is always verified when the value is present **Returns:** [Object](https://docs.servoy.com/reference/servoycore/dev-api/js-lib/object) the payload or null if the token can't be verified ***