Creating JSON Web Token (JWT) using JWT Sign Module In MuleSoft
- September 13, 2022
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed. When a token is signed with a public/private key pair, the signature also proves that only the party holding the private key could have produced it.
JSON Web Token structure
A JSON Web Token consists of three parts separated by dots (.), which are:
- Header: The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used.
For example:
{
"alg": "RS256",
"typ": "JWT"
}
- Payload: The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data.
For example:
{
"sub": "jwt-demo@test.com",
"aud": "https://test.mulesoft.com",
"exp": 1661508617
}
The exp claim is a NumericDate (seconds since the Unix epoch), so it is written as a JSON number, not a string; the encoded token shown below carries it that way.
Note regarding signed tokens: This information, though protected against tampering, is readable by anyone who holds the token. Don't put secret information in the payload or header of a JWT unless the token itself is encrypted (a JWE).
- Signature: The signature is computed over the Base64url-encoded header, a dot, and the Base64url-encoded payload, using the algorithm named in the header and the private key (for RS256, RSASSA-PKCS1-v1_5 with SHA-256). The receiver must verify the signature with the matching public key before trusting any claim, and it should pin the algorithm it accepts rather than taking alg from the token's header, because the header is under the sender's control until the signature has been checked.
The following JWT encodes the header and payload above and is signed with a private key:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqd3QtZGVtb0B0ZXN0LmNvbSIsImF1ZCI6Imh0dHBzOi8vdGVzdC5tdWxlc29mdC5jb20iLCJleHAiOjE2NjE1MDg2MTd9.WnXOmrIv2SRF940x5qGuiRUkPJ14rBMnDRc53NLCf8LbJXEiwiSlKaulQGwRwBsBBG1C2DcANVqabC1KkeCen5D1dKaaabGo8BtV83qiP9FyKIhRgl81ldzOZ0QuybqBF78-Tq8LpjAX6W4HIlU5Im6MhgARnWKillxPbnwK8t_AVxIFxl2JW_h0gNbqT9tnOR2YDFm3gNlfLvHEu01FgI8LW9VQLvEuCsEMSCaz7-t1JsQ9nH8wGoVnmU0NgCyRBMd3F0hoCDzIP1PMJSceOHVdlK4hsmsjmDLsVUT0aInhoWqeyVcJkoULmBB34VUazV0yjXLzup26jUvfFxkwlA
On several occasions we need to create a JWT in a Mule application to authorize our calls to a target system's APIs. Until now, generating a signed JWT has meant writing code, in DataWeave or Java, that completes these tasks:
- Base64url-encode the JSON-formatted header
- Base64url-encode the JSON-formatted payload
- Sign the two encoded parts, joined by a dot, with the chosen cryptographic algorithm
- Join the encoded header, the encoded payload and the Base64url-encoded signature with dots into the final token
The MuleSoft JWT Sign Module simplifies this task and removes the need for custom code.
Deploying to Exchange
Deploy the module to AnyPoint Exchange to make it available within your organization's Exchange using these steps:
- Add the connected app's client_id and client_secret to your Maven settings.xml file for authentication. These are deployment credentials, so keep settings.xml out of source control.
Note: Make sure the server ID is the same in both pom.xml and settings.xml, and that the connected app has the Exchange Contributor role.
Refer to this link for more information on connected app authentication: https://us.nttdata.com/en/insights/technical-articles/2021/july/using-connected-app-in-anypoint-platform
- Clone the repository below to your local machine: https://github.com/mulesoft-catalyst/jwt-module.git
- Open a terminal window, and navigate to the root directory of the repository.
- Execute the following command in your terminal window, replacing <YOUR_ORG_ID> with your AnyPoint Platform Organization ID:
./deploy.sh <YOUR_ORG_ID>
This will publish the JWT connector to your organization exchange.
Usage
- Copy the dependency snippet from Exchange and add it to the dependencies section of your project's pom.xml.
- Once it is added as a dependency in pom.xml, the JWT connector appears in the Mule palette.
- Add the Sign connector to your Mule flow.
- Specify the JSON-formatted header and payload parts of the JWT in the Sign connector. Remember that exp is a number (seconds since the Unix epoch), not a string.
- Add module configuration for Sign connector:
- Click on the add icon to create a new configuration.
- Select the signature algorithm from the drop-down, e.g. RS256.
- Enter the location of the private key file. Keep the key out of the deployable artifact and out of source control.
- Enter the passphrase that was used to encrypt the private key, or leave it empty for an unencrypted key. Supply the passphrase through Mule secure configuration properties rather than as plain text in the configuration.
- Run the application and it will generate a JWT.
- Verify the generated JWT with the public key before relying on it. A token whose signature does not verify, or whose exp has passed, must be rejected.
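As an added, stand-alone example (not the module's code, and not taken from the article's project) of the four signing steps listed earlier and of the public-key verification in the last step above, the Go program below builds an RS256 JWT from the article's header and payload and then verifies it the way a receiving API should: it pins the algorithm, checks the signature, and only then checks aud and exp. It uses only Go's standard library. The key is a constructed throwaway generated on each run, so the signature differs from the article's token, while the header and payload segments come out byte-identical. DecodeUnverified reads a token without any key to show the earlier point that claims are readable by anyone; the article's own token is included as ArticleToken so it can be inspected that way.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ArticleToken is the token printed in the article; its public key is not published, so only its payload can be decoded here.
const ArticleToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqd3QtZGVtb0B0ZXN0LmNvbSIsImF1ZCI6Imh0dHBzOi8vdGVzdC5tdWxlc29mdC5jb20iLCJleHAiOjE2NjE1MDg2MTd9.WnXOmrIv2SRF940x5qGuiRUkPJ14rBMnDRc53NLCf8LbJXEiwiSlKaulQGwRwBsBBG1C2DcANVqabC1KkeCen5D1dKaaabGo8BtV83qiP9FyKIhRgl81ldzOZ0QuybqBF78-Tq8LpjAX6W4HIlU5Im6MhgARnWKillxPbnwK8t_AVxIFxl2JW_h0gNbqT9tnOR2YDFm3gNlfLvHEu01FgI8LW9VQLvEuCsEMSCaz7-t1JsQ9nH8wGoVnmU0NgCyRBMd3F0hoCDzIP1PMJSceOHVdlK4hsmsjmDLsVUT0aInhoWqeyVcJkoULmBB34VUazV0yjXLzup26jUvfFxkwlA"

// Claims mirrors the article's payload; exp is a NumericDate, so a JSON number.
type Claims struct {
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

// b64url is the unpadded base64url encoding RFC 7515 requires for each segment.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewDemoKey makes a constructed throwaway key; a deployment would instead load the key file the module configuration points at.
func NewDemoKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// SignRS256 does the article's four steps: encode header, encode payload, sign "header.payload" (SHA-256, RSASSA-PKCS1-v1_5), join with dots.
func SignRS256(claims Claims, key *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"}) // cannot fail
	pl, _ := json.Marshal(claims)
	signingInput := b64url(hdr) + "." + b64url(pl)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// VerifyRS256 is what the receiver must do before trusting any claim: pin the algorithm
// (the token's own "alg" header never chooses it), check the signature, then aud and exp.
func VerifyRS256(token string, pub *rsa.PublicKey, wantAud string, now time.Time) (Claims, error) {
	claims, err := DecodeUnverified(token) // parsed now, trusted only after the signature check
	if err != nil {
		return Claims{}, err
	}
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string `json:"alg"` }
	if hb, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil ||
		json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return Claims{}, fmt.Errorf("header rejected: alg %q is not RS256", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return Claims{}, errors.New("signature verification failed")
	}
	if claims.Aud != wantAud {
		return Claims{}, fmt.Errorf("audience %q is not %q", claims.Aud, wantAud)
	}
	if now.Unix() >= claims.Exp {
		return Claims{}, errors.New("token has expired")
	}
	return claims, nil
}

// DecodeUnverified reads the payload with no key at all (claims are readable by anyone); never authorize a request on its output.
func DecodeUnverified(token string) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("token must have exactly three segments")
	}
	pl, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(pl, &c)
	}
	return c, err
}

func main() {
	key := NewDemoKey()
	token, err := SignRS256(Claims{Sub: "jwt-demo@test.com", Aud: "https://test.mulesoft.com", Exp: time.Now().Add(5 * time.Minute).Unix()}, key)
	if err != nil {
		panic(err)
	}
	got, err := VerifyRS256(token, &key.PublicKey, "https://test.mulesoft.com", time.Now())
	fmt.Println("JWT:", token, "\nverified claims:", got, "err:", err)
}
```

The now parameter of VerifyRS256 exists so that expiry can be exercised against a fixed time; in production pass time.Now(). Signing with the article's exp value reproduces its first two segments exactly, which is a quick way to confirm that a module-generated token encodes the header and payload as expected.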
Summary
This JWT module simplifies generating a JWT by removing the coding effort in DataWeave or Java. The generated JWT can be sent as a Bearer token in the Authorization header of subsequent HTTP requests to the target system, which verifies it with the matching public key.
References
- https://github.com/mulesoft-catalyst/jwt-module
- https://jwt.io/
— By Ujala Kumar Yadav