Eptura Knowledge Center

Create a JSON Web Token (JWT)

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS). The full JWT specification can be found at http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html.

Most modern languages have JWT libraries available. We highly recommend that you use one of these libraries rather than constructing a token manually.

JWTs consist of three parts: Header, Claims & Signature. The header and claim set are JSON objects. These JSON objects are serialized to UTF-8 bytes, then encoded using the Base64url encoding.

Header


The header consists of two fields that indicate the signing algorithm and the format of the assertion. For example:

{"alg":"RS256","typ":"JWT"}

Claims

The JWT claims object contains security information about the message. For example:

{
  "scope": "com.serraview.wf.sa.{report_secure_action_id}",
  "iss": "{service_account_id}",
  "aud": "https://{instance}.serraview.com/oauth2/token",
  "exp": 1417504039,
  "nbf": 1417500439
}

| Attribute | Type | Description |
| --- | --- | --- |
| scope | String | Secure action id for the operation being performed. To access a Serraview Report via the Serraview V2 API, you must specify the report's Secured Action ID; refer to Find the Secured Action ID for a Report. |
| iss | String | The issuer of the claim, i.e. your service account id. |
| aud | String | The audience of the token. Note that this field is case-sensitive and we recommend you use lowercase. |
| exp | Long | Expiration time, as seconds since 00:00:00 UTC, Jan 1, 1970. |
| nbf | Long | Not before time, as seconds since 00:00:00 UTC, Jan 1, 1970. |

Signature

The signature is computed using the signing algorithm specified in the header. The only signing algorithm supported by the Serraview OAuth 2.0 Authorization Server is RSA using the SHA-256 hashing algorithm. The signature must then be Base64url encoded. The input for the signature is the byte array of the following content:

{Base64url encoded header}.{Base64url encoded claim set}

The header, claim set, and signature are concatenated together with a period (.) character to form a complete JWT.

{Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}

Below is an example of a JWT that has been signed and is ready for transmission (the code has been formatted to fit in the code block):

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9. 

eyJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4 

MS9vYXV0aDIvdG9rZW4iLCJpc3MiOiIyc3VJVDk2dDMwdXg5S0pNZ28yUldBIiwiZXhwIjoxNDE2NjcyNTkzLCJuYmYiOjE0MTY2NDAxOTN9. 

T6xYRgQV9VER30CUYjmcE6ETItoKTCZv0j1DbhJ2CvCKOQ4hGJAW15A2LQ3NibtUW66xpgwXoy91rMDabNceL9A5uTqkC0Vd8bZxVqb 

BPtnnvLufJ29GXytp1ceouvBWYJDbEY2li6MwkZ8klUSTRxo22zvhBiMaNaOxCHf_8wNoa6S-XyhCO5pcYUB3J8nTh2CZ8ickYjJ0qILyW8RudlO7tC5A37Z8AwNgLGXdeH 

cX15T2dajlVQ7pkVKpJzCYQo28klw3nSMPFaA1lxKLkqvqB-RqLDFEQ2MLrqV6aKDgaGFc4j0RCCf1VwrIxYwNdDKov8oxNf9olClc5w
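
The header, claim set and RS256 signature steps described above, carried out with only the Python standard library so that each step is visible. This is an added example, not Eptura or Serraview code; in production, use a JWT library as recommended earlier. The function names, the demo key and the values passed in are assumptions made for illustration.

```python
import base64, hashlib, json, time

# Constructed demo key from two published Mersenne primes. NOT secure: it only
# lets the example run offline. Sign with your service account's real RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    # Base64url without '=' padding, as JWS requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message: bytes) -> int:
    # 0x00 0x01 FF..FF 0x00 || DigestInfo(SHA-256(message)), as an integer
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def make_jwt(scope, iss, aud, lifetime=3600, now=None):
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"scope": scope, "iss": iss,
              "aud": aud.lower(),   # aud is case-sensitive; page recommends lowercase
              "exp": now + lifetime, "nbf": now}
    # Signing input: {Base64url header}.{Base64url claim set}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    sig = pow(emsa_pkcs1_v15(signing_input.encode("ascii")), D, N)
    return signing_input + "." + b64url(sig.to_bytes(K, "big"))

def check_signature(token: str) -> dict:
    # Round-trip check with the public key (N, E); returns the claim set.
    # A real verifier must also validate alg, aud, exp and nbf.
    signing_input, _, sig_b64 = token.rpartition(".")
    sig = int.from_bytes(b64url_decode(sig_b64), "big")
    if pow(sig, E, N) != emsa_pkcs1_v15(signing_input.encode("ascii")):
        raise ValueError("signature does not match signing input")
    return json.loads(b64url_decode(signing_input.split(".")[1]))
```

Passing `now=1417500439` with the default one-hour lifetime reproduces the `nbf` and `exp` values shown in the claims example.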