Documentation

JSON Web Token

JSON Web Token¶

Authentication
JSON Web Token

What is JSON Web Token¶

JSON Web Token (or JWT) is a compact token that is usually sent in HTTP Authorization headers or URL parameters. It represents a JSON object that is signed using JSON Web Signature.

JWT consists of three parts: Header, Payload (often called JWT Claims) and Signature made of a hashing algorithm combined with the header and claims. Once these parts are Base64 encoded, the token is ready.

Paw allows you to generate a JWT via JSON Web Token (JWT) Auth dynamic value extension.

Use JSON Web Token¶

Install the extension and add the dynamic value

Install the extension and add the dynamic value¶

On the page JSON Web Token (JWT) Auth dynamic value extension, hit the Install Extension button.

Insert the JSON Web Token dynamic value in the field where you need to put your JWT. Press { to trigger the autocomplete. Then click on the inserted dynamic value to set the input.

Add custom fields for the Header if needed

Add custom fields for the Header if needed¶

Paw prefills the fields for typ and alg. The default value for alg is HS256, but you can change it to RS256, depending on the service you are authenticating against. If you need to add a custom header just click on the plus button and set the input.

Add the required JWT Claims in Payload

Add the required JWT Claims in Payload¶

Click on the field to set the input type.

Use dynmaic values inside the fields, i.e. Timestamp and Nonce

Insert a Timestamp dynamic value for iat and exp.

Insert a Nonce dynamic value for jti.

Tick the box for Time Fields if you want to autamatically add iat and exp (60 seconds).

Add the Secret and tick the box bellow if the Secret is Base64

Add the Secret and tick the box bellow if the Secret is Base64¶

If you are using HS256 algorithm, paste your client secret in the Secret field. For RS256 paste your private key in this field.

Check your JWT and send the request

Check your JWT and send the request¶

The JSON Web Token is now ready. You can debug it on JWT.IO, just copy it from Paw and paste it there.

Re-use values from JSON Web Token¶

To decode a JWT and re-use a value from it in further requests you can use our JSON Web Token (JWT) Decode dynamic value. The following steps describe how to use it in Paw.

Install and insert the dynamic value

Install and insert the dynamic value¶

Download the JSON Web Token (JWT) Decode dynamic value extension and insert the dynamic value in the field where you need the decoded value from JWT.

Set your JWT as input

Set your JWT as input¶

Paste your JWT in the input field or extract the JWT from a previous response/request with a dynamic value.

Extract the value

Extract the value¶

Filter the value out of the header or the payload by keypath.