JWT authentication
Note: This feature is available in Enterprise, AWS, Team editions only.
JWT Token configuration
Enabling JWT Token authentication
Go to the Administration menu and enable JWT Token in the Server configuration tab.
Configuring identity provider
- Create your JWT token. It must be created with a valid and secure secret (large enough).
You can use our template for the payload:
{"email": "example@emal.com", "firstName": "Test", "lastName": "User"}
In this template you can change or add attributes as you want, but you will need to set them in step 2.
- Go to the Identity Providers tab and create a new configuration using the JWT Token details.
- Cookie name - is the name of the cookie that you will pass to your browser
- Email attribute - is the name of the email attribute in your jwtToken, 'email' by default
- Team attribute - is the name of the team attribute in your jwtToken, 'team' by default
- First name attribute - is the name of the first name attribute in your jwtToken, 'firstName' by default
- Last name attribute - is the name of the last name attribute in your jwtToken, 'lastName' by default
- Public key - must be specified if you have encrypted your JWT token (be careful: this is not the Secret key).
- Secret key - the secret specified when creating the JWT token. It must be large enough (256 bit) and secure, otherwise it will be considered invalid, e.g. on jwt.io:
Testing JWTToken authentication
In order to test your authentication, you'll need to:
- Create a JWT token on jwt.io or by any other method.
Encrypt it if you need to do so.
Which values to enter in the fields for an encrypted token:
1.1. Private key - in the case of encryption, enter it in the Secret key field.
The private key must
begin with -----BEGIN PRIVATE KEY-----
end with -----END PRIVATE KEY-----
You can insert the key with or without these header and footer lines.
1.2. Public key - in the case of encryption, enter it in the Public key field.
The public key must
begin with -----BEGIN PUBLIC KEY-----
end with -----END PUBLIC KEY-----
You can insert the key with or without these header and footer lines.
You only need to specify the keys when encrypting.
- Insert your JWT token into your browser cookie, for example in Google Chrome:
2.1. Press F12 on Windows or CTRL + SHIFT + C on Linux; you can also right-click on the page and click Inspect
2.2. Choose Application -> Cookies on your website
2.3. Add your cookie with your cookie name
2.4. Insert your cookie name as name, and your jwt token as value, example:
- Refresh your page
If you open the site for the first time with a customized JWT already passed via the cookie, you don't need to refresh the page; the token will already be in use. This example sets up the JWT token substitution manually.
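A way to create and check such a token locally instead of on jwt.io, as an added example that is not part of the original page or the product's code. It assumes HS256 (HMAC-SHA256) signing, which the page does not state; the function names are hypothetical and the secret and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_SECRET_BYTES = 32  # 256 bit, the secret size the page asks for

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(claims: dict, secret: bytes) -> str:
    """Build an HS256-signed JWT; refuse secrets shorter than 256 bit."""
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("secret must be at least 256 bit (32 bytes)")
    header = {"alg": "HS256", "typ": "JWT"}  # assumed algorithm
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_token(token: str, secret: bytes) -> dict:
    """Check the signature in constant time and return the claims."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed random 256-bit secret
    claims = {"email": "user@example.com", "firstName": "Test", "lastName": "User"}
    print(make_token(claims, secret))  # value for the cookie configured above
```

The attribute names in the claims must match the Email, First name and Last name attributes set in the identity provider configuration.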