JSON web token


The JSON web token (JWT) extension is a Matrix package that lets you generate dynamic JSON web tokens (JWTs) from Matrix. The tokens can be used to integrate with third-party services and platforms that implement JWT authentication.

The JWTs created by the extension are signed using a secret and are encoded using the HMAC SHA256 standard.


Read the following prerequisites and information before installing and using the JSON web token extension.

Table 1. Key package information

Minimum Matrix version

Extension type


Extension version


Installation method

`.tgz` archive

Asset category


Asset name

JSON Web Token

Asset availability

Admin mode only

Minimum user account level

System Administrator

JWT implementation

Read this section if you need to cross-check how the JWT implementation compares to a third-party JWT implementation.


Supported: HMAC SHA256
Not supported: RSA or ECDSA


Not supported

Payload visibility

Signed (publicly visible).

All payload information is visible in the payload when decoded. Do not put sensitive information such as passwords in the payload.

© 2015- Squiz Pty Ltd