A `request` property JWT enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. Using a JWT enables integrity protection of parameters that are required for risk-based authentication or privacy and consent use cases.
This sample shows the information required in a transaction approval JWT:
```json
{
  "jwtHeader": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "jwtBody": {
    "aud": "https://auth.pingone.com/{{envId}}/as",
    "iss": "{{appId}}",
    "pi.template": {
      "name": "transaction",
      "variant": "{{variantName}}",
      "variables": {
        "sum": "1,000,000",
        "currency": "USD",
        "recipient": "Charlie Parker"
      }
    },
    "pi.clientContext": {
      "alert.color": "red"
    }
  }
}
```
The following information describes the OIDC parameters and the steps for generating and signing the token.
1. Install a JWT token generator such as jwtgen globally using `npm install -g jwtgen`. This action requires npm.
2. Retrieve the `environment id` property value associated with your worker application and user.
3. Retrieve the `clientId` and `clientSecret` property values for the worker application.
4. Retrieve the name of the transaction notification template that you want to use.
The command to generate the `request` JWT takes the following parameters:
| Parameter | Description |
|---|---|
| `-a` | Specifies the JWT signing algorithm. Options are `HS256`. |
| `-s` | Specifies the signing key, which is the application's `clientSecret` property value. |
| `--claims` | Specifies the claims required by the token: |
The following command creates a JWT for the `request` property specified in the authorization request:

```bash
jwtgen -a "HS256" -s "<applicationSecret>" --claims '{
  "aud":"https://auth.pingone.com/{{envId}}/as",
  "iss":"{{appId}}",
  "pi.template":{"name":"transaction","variables":{"sum":"1,000,000","currency":"USD","recipient":"Charlie Parker"}},
  "pi.clientContext":{"alert.color":"red"}}'
```
`request` property in the authorize request.
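
The HS256 signing step that the jwtgen command performs, together with the check a receiver makes, as an added example (not PingOne's or jwtgen's code). It uses Node's built-in `crypto` module; the function names are hypothetical, and the secret, environment ID and application ID are constructed placeholders.

```javascript
// Added example, not PingOne or jwtgen code. Function names are hypothetical.
const crypto = require("crypto");
const b64url = (s) => Buffer.from(s).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Compact JWS: base64url(header) "." base64url(claims) "." base64url(HMAC-SHA256)
function signRequestJwt(claims, clientSecret) {
  const header = { alg: "HS256", typ: "JWT" };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createHmac("sha256", clientSecret).update(signingInput).digest("base64url");
  return `${signingInput}.${sig}`;
}

// Returns the claims if the signature is valid, otherwise null.
function verifyRequestJwt(token, clientSecret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header;
  try { header = fromB64url(h); } catch { return null; }
  // Pin the algorithm: never let the token choose how it is verified.
  if (!header || header.alg !== "HS256") return null;
  const expected = crypto.createHmac("sha256", clientSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return fromB64url(p);
}

// Test helper: change the displayed sum but keep the original signature.
function withAlteredSum(token, newSum) {
  const [h, p, s] = token.split(".");
  const body = fromB64url(p);
  body["pi.template"].variables.sum = newSum;
  return `${h}.${b64url(JSON.stringify(body))}.${s}`;
}

// Constructed sample values; the IDs and secret are placeholders.
const SECRET = "example-client-secret";
const claims = {
  aud: "https://auth.pingone.com/ENV_ID_PLACEHOLDER/as",
  iss: "APP_ID_PLACEHOLDER",
  "pi.template": { name: "transaction", variables: { sum: "1,000,000", currency: "USD", recipient: "Charlie Parker" } },
  "pi.clientContext": { "alert.color": "red" },
};
const token = signRequestJwt(claims, SECRET);
console.log(verifyRequestJwt(token, SECRET) !== null);                      // original accepted
console.log(verifyRequestJwt(withAlteredSum(token, "1"), SECRET) === null); // altered rejected
```

A value passed to `-s` on the command line ends up in shell history and the process list; a script like this one can read the secret from a secret store or environment variable instead.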