Token profile data instance
Create a JSON Web Token (JWT) profile data instance to confirm a user's identity between two different processes. You can configure Pega Platform to act as both a producer and a consumer of JWTs.
JWT is an open standard that defines a compact and self-contained method to securely exchange information between different parties as a JSON object. For example, the token can contain information about a user that another party can use to validate the identity of the user. The Pega Platform server can act as a trusted third party that generates or validates a JWT after you fill out the token profile form and provide the required information.
Token profiles
Use a JWT to securely exchange information between two different parties. For example, a JWT can carry information about a user that another party can use to authenticate the identity of the user.
Token profiles have two purposes:
- generation
- processing
A generation token profile specifies how Pega Platform generates a given JWT.
The generation JWT profile data instance consists of the following pieces:
- one or more headers
- claims and a security configuration specifying one of the following:
  - no security
  - a signed token
  - an encrypted token
  - a combination that uses both signing and encryption
- token lifetime
- timeout option
- whether the profile should include a processing JWT profile
You can use JWTs to exchange information securely between Pega Platform and another party. The following table lists common uses for JWTs in Pega Platform:
JWT uses in Pega Platform | JWT |
Authentication | Holds user information that can be used by another party to authenticate the identity of the user presenting the token. |
By default, Pega Platform automatically adds the following claims to the JWT header when it generates the token:
JWT header claims | Description |
alg | The configured JWS algorithm, if you added one in the Security section, on the Generation tab. |
typ | The type is always JWT. |
kid | The Key ID is a unique ID that the JWT run time process generates for each token generated. |
crit | Headers that are marked as critical on the Generation tab. |
When you create a generation token profile, Pega Platform supports the following fields:
Security Configuration | Support Fields |
Signature | Signature type, Signature algorithm, Keystore, Alias, and Password. |
Encryption | Encryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type. |
Signature & Encryption | For JSON Web Signature (JWS): Signature type, Signature algorithm, Keystore, Alias, and Password. For JSON Web Encryption (JWE): Encryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type. |
None | N/A |
To create a Generation JSON Web Token, see Creating a generation JSON Web Token profile.
Processing token profiles
A processing token profile specifies how Pega Platform validates the signature and decrypts each JSON Web Token that it receives.
The processing JWT profile data instance consists of the following:
- one or more claims validations
- claims mappings
- security configuration that specifies one of the following:
  - signing
  - decryption
  - combination that uses both signing and decryption
  - no security
When you create a processing token profile, Pega Platform supports the following fields:
- Signature configuration
- Signature type
- Truststore
To create a Processing JSON Web Token, see Creating a processing JSON Web Token profile.
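As an added illustration (not Pega Platform code), the sketch below shows checks a consumer can apply to the alg, typ, and crit headers listed earlier before trusting a token's claims: pin the expected algorithm, reject critical headers it does not understand, then verify the signature and lifetime. HS256, the sample key, and the function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header: dict, claims: dict, key: bytes) -> str:
    """Producer side (hypothetical helper): build a compact HS256-signed token."""
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def process_token(token: str, key: bytes, understood_crit=(), now=None) -> dict:
    """Consumer side: check the header, then the signature, then the lifetime."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict):
        raise ValueError("malformed token")
    # Pin the algorithm on the consumer; a token must not choose it (rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Assumes the producer always sets typ to JWT, as the header table states.
    if header.get("typ") != "JWT":
        raise ValueError("unexpected typ")
    # RFC 7515: a critical header the consumer does not understand invalidates the token.
    crit = header.get("crit", [])
    if (not isinstance(crit, list) or not all(isinstance(c, str) for c in crit)
            or set(crit) - set(understood_crit)):
        raise ValueError("unsupported critical header")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    # A token without an exp claim is treated as expired in this sketch.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    hdr = {"alg": "HS256", "typ": "JWT", "kid": "demo-1"}  # constructed sample header
    tok = make_token(hdr, {"sub": "user1", "exp": time.time() + 300}, KEY)
    print(process_token(tok, KEY))
```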
Access token profile data instance
To access the token profile data instance in the navigation panel of Dev Studio, click .
- Creating a token profile
Use a JSON Web Token (JWT) to exchange information securely between two different parties. For example, a JWT can carry information about a user that can be used by another party to authenticate the identity of the user.