Get Signed JWT
The Get Signed JWT task is used to sign a JWT (JSON Web Token).
Using the RS256 algorithm, the task ensures robust cryptographic security during JWT signing. The resulting token effectively encapsulates specified authorization scopes and incorporates a TTL (time-to-live) mechanism to enforce its expiration, thereby maintaining secure access control.
Task parameters
Configure these parameters for the Get Signed JWT task.
| Parameter | Description | Required/ Optional |
|---|---|---|
| inputParameters. subject | The subject of the JWT, typically representing the entity (e.g., user or service) for which the token is issued. | Required. |
| inputParameters issuer | The entity issuing the JWT, identifying who created and signed the token. | Required. |
| inputParameters. privateKey | The private key used to sign the JWT. | Required. |
| inputParameters. privateKeyId | The identifier for the private key used to sign the JWT. | Required. |
| inputParameters. audience | The intended recipient(s) of the JWT. | Required. |
| inputParameters. ttlInSeconds | The time-to-live (TTL) or expiration time of the JWT, specified in seconds. | Required. |
| inputParameters. scopes | The scopes associated with the JWT, defining the access permissions granted by the token. It can be a string or an array of strings. | Required. |
| inputParameters. algorithm | The signing algorithm to use for the JWT. Currently set to RS256, which refers to the RSA signature with the SHA-256 hash algorithm. | Required. |
Task output
The Get Signed JWT task will return the signed JWT in the secret variable _secrets. The signed JWT will be masked (***).
Task configuration
This is the task configuration for a Get Signed JWT task.
{
"name": "get_signed_jwt",
"taskReferenceName": "get_signed_jwt_ref",
"inputParameters": {
"subject": "${workflow.input.subject}",
"issuer": "${workflow.input.issuer}",
"privateKey": "${workflow.secrets.jwt-privatekey}",
"privateKeyId": "key-123",
"audience": "${workflow.input.audience}",
"ttlInSeconds": 3600,
"scopes": "${workflow.input.scope}",
"algorithm": "RS256"
},
"type": "GET_SIGNED_JWT"
}
Adding a Get Signed JWT task in UI
To add a Get Signed JWT task:
- In your workflow, select the (+) icon and add a Get Signed JWT task.
- Enter the Subject and Issuer of the JWT.
- Provide the PrivateKey and PrivateKeyId used for signing JWT.
- Set the Audience, TTL (in seconds), Scopes, and Algorithm as required.
Examples
Here are some examples for using the Get Signed JWT task.
Authorization
{
"name": "get_signed_jwt_token",
"taskReferenceName": "get_signed_jwt_token_ref",
"inputParameters": {
"privateKey": "${workflow.secrets.gcp_private_key}",
"privateKeyId": "${workflow.secrets.gcp_private_key_id}",
"audience": "https://oauth2.googleapis.com/token",
"ttlInSecond": 3600,
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/documents",
"https://www.googleapis.com/auth/drive"
],
"subject": "service-account-name@project-id.iam.gserviceaccount.com",
"issuer": "service-account-name@project-id.iam.gserviceaccount.com"
},
"type": "GET_SIGNED_JWT",
}