JWT Account

Account settings



Legend:
  • Expression icon: Allows using JavaScript syntax to access SnapLogic Expressions to set field values dynamically (if enabled). If disabled, you can provide a static value.
  • SnapGPT: Generates SnapLogic Expressions based on natural language using SnapGPT.
  • Suggestion icon: Populates a list of values dynamically based on your Snap configuration. You can select only one attribute at a time using the icon. Type into the field if it supports a comma-separated list of values.
  • Upload: Uploads files.
Learn more about the icons in the Snap settings dialog.
Field / Field set | Type | Description
Label | String

Required. Specify a unique label for the account.

Default value: None.

Example: JWT Account
JWT Issuer | Dropdown list/Expression | Specify the principal entity that issues the JWT.

Default value: pipe.projectPath + '/' + pipe.label

Token TTL (seconds)* | Integer

Specify the duration (in seconds) for which the token will be valid.

Minimum value: 60

Default value: 3600

Example: 6000
Secret type | Dropdown list | Choose the Secret type. The available options are:
  • KeyStore
  • Secret Key

Default value: KeyStore

Example: Secret Key
Key Store | String/Expression | Specify the location of the Key Store file. It can be in SLDB, on the host machine that hosts the JCC, or at any other unauthenticated endpoint, such as https.

Default value: None.

Example: keystore.jks
KeyStore password | String | Appears when you select KeyStore for Secret type.

Specify the password for the KeyStore. If the key associated with the alias has a password, that password should be the same as this KeyStore password.

Default value: None.

Example: keystorepswd1

Key Alias | String/Suggestion | Appears when you select KeyStore for Secret type.

Specify the alias of the secret key to use when signing the token.

Default value: None.

Example: mykeyalias

Secret Key | String/Expression | Appears when you select Secret Key for Secret type.

Specify the secret key to use to generate digital signatures.

Note: This field allows pipeline parameters. When you select a secret key, a JWT token is generated, which must be verified using a JWT Validate Snap.
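
How the Secret Key, JWT Issuer and Token TTL settings above relate to a signed token, and what a verifier should check before trusting it, shown as an added example that is not SnapLogic code. It assumes HS256 and the standard iss/iat/exp claims, which this page does not specify; the secret and issuer values are constructed.

```python
import base64, hashlib, hmac, json

MIN_TTL = 60  # minimum Token TTL stated on this page
DEMO_SECRET = b"constructed-demo-secret-0123456789abcdef"  # constructed sample value
DEMO_ISSUER = "/demo-org/projects/demo/jwt-pipeline"       # constructed sample value

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, issuer: str, ttl: int, now: int) -> str:
    """Sign a token whose exp claim is the issue time plus the TTL."""
    if ttl < MIN_TTL:
        raise ValueError("Token TTL must be at least 60 seconds")
    header = {"alg": "HS256", "typ": "JWT"}  # assumed algorithm, not from the page
    claims = {"iss": issuer, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def validate_token(token: str, secret: bytes, issuer: str, now: int) -> dict:
    """Return the claims only if signature, issuer and expiry all check out."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier; a token must not choose its own.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{claims_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))  # parsed only after the MAC verifies
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

With a shared secret, anyone able to validate a token can also issue one, so the Secret Key value needs the same protection on the validating side as on the issuing side.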

Troubleshooting

Error | Reason | Resolution
Error retrieving key for alias from KeyStore. | Either the configuration is invalid or the key alias is missing. | Verify that the KeyStore parameters in the account settings are accurate and that it contains the secret key associated with the specified alias.
Key store load error. | The KeyStore specified is incorrect. | Ensure the provided KeyStore password and type are correct and match the KeyStore requirements.

Regarding KeyStore

There are multiple ways to specify the Key Store. It can be:
  1. Located on SLFS (by uploading the Key Store file)

  2. On the host machine that is hosting the JCC

  3. On an accessible web location

To generate a Key Store file, you can use the keytool utility that comes packaged with JDKs. Here are some useful keytool commands:
  • To create a key store with an AES key
    keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg AES -keysize 256 -alias <key alias>
  • To create a key store with a 512-bit key
    keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg HMACSHA1 -keysize 512 -alias <key alias>
  • To import keys from one key store to another
    keytool -importkeystore -srckeystore <src keystore file> -srcstoretype jceks -destkeystore <dest keystore file> -deststoretype jceks -deststorepass <dest store password>
  • To update the password for a key in a keystore
    keytool -storetype jceks -keypasswd -keystore <keystore file> -alias <key alias> -keypass <old key password> -new <new key password>
  • To list keys in a key store file
    keytool -list -v -storetype jceks -keystore <keystore file>