JSON web token

Overview

The JSON web token (JWT) extension is a Matrix package that lets you generate dynamic JSON web tokens (JWTs) from Matrix. The tokens can be used to integrate with third-party services and platforms that implement JWT authentication.

The JWTs created by the extension are signed using a secret and are encoded using the HMAC SHA256 standard.

Prerequisites

Read the following prerequisites and information before installing and using the JSON web token extension.

Table 1. Key package information

Minimum Matrix version

5.5.0.0

Extension type

Packages

Extension version

1.0.1

Installation method

`.tgz` archive

Asset category

Connector

Asset name

JSON Web Token

Asset availability

Admin mode only

Minimum user account level

System Administrator

JWT implementation

Read this section if you need to cross-check how the JWT implementation compares to a third-party JWT implementation.

Signing

Supported: HMAC SHA256
Not supported: RSA or ECDSA

Encryption

Not supported

Payload visibility

Signed (publicly visible).

All payload information is visible in the payload when decoded. Do not put sensitive information such as passwords in the payload.

© 2015-2020 Squiz Pty Ltd