Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Token profile data instance

Updated on March 15, 2022

Create a JSON Web Token (JWT) profile data instance to confirm a user's identity between two different processes. You can configure Pega Platform to act as both a producer or a consumer of JWT.

JWT is an open standard that defines a compact and self-contained method to securely exchange information between different parties as a JSON object. For example, the token can contain information about a user that another party can use to validate the identity of the user.

The Pega Platform server can act as a trusted third-party that generates or validates a JWT after you complete fill out the token profile form and provide the required information.

Token profiles

Use a JWT to securely exchange information between two different parties. For example, a JWT can carry information about a user that another party can use to authenticate the identity of the user.

Token profiles have two purposes:

  • generation
  • processing
Generation token profiles

A generation token profile specifies how Pega Platform generates a given JWT.

The generation JWT profile data instance consists of the following pieces:

  • one or more headers
  • claims and a security configuration specifying no security
  • a signed token
  • an encrypted token
  • or a combination that uses both signing and encryption
You can use the profile to specify the following information:
  • token lifetime
  • timeout option
  • if the profile should include a processing JWT profile

You can use JWTs to exchange information securely between Pega Platform and another party. The following table lists common uses for JWTs in Pega Platform:

JWT uses in Pega PlatformJWT
AuthenticationHolds user information that can be used by another party to authenticate the identity of the user presenting the token.

By default Pega Platform automatically adds the following claims to the JWT header when it generates the token:

JTW header claimsDescription
algThe configured JWS algorithm, if you added one in the Security section, on the Generation tab.
typThe type is always JWT.
kidThe Key ID is a unique ID that the JWT run time process generates for each token generated.
critHeaders that are marked as critical on the Generation tab.

When you create a generation token profile, Pega Platform supports the following fields:

Security ConfigurationSupport Fields
SignatureSignature type, Signature algorithm, Keystore, Alias, and Password.
EncryptionEncryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type.
Signature & EncryptionFor JSON Web Signature (JWS): Signature type, Signature algorithm, Keystore, Alias, and PasswordEncryption type.

JSON Web Encryption (JWE):Encryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type

NoneN/A

To create a Generation JSON Web Token, see Creating a generation JSON Web Token profile.

Processing token profiles

A processing token profile specifies how Pega Platform validates the signature and decrypts each JSON Web Token that it receives.

The processing JWT profile data instance consists the following:

  • one or more claims validations
  • claims mappings
  • security configuration that specifies one of the following:
    • signing
    • decryption
    • combination that uses both signing and decryption
    • no security

You can use JWTs to exchange information securely between Pega Platform and another party. The following table lists common uses for JWTs in Pega Platform:

JWT uses in Pega PlatformJWT
AuthenticationHolds user information that can be used by another party to authenticate the identity of the user presenting the token

When you create a processing token profile, Pega Platform supports the following fields:

  • Signature configuration
  • Signature type
  • Truststore

To create a Processing JSON Web Token, see Creating a processing JSON Web Token profile.

Access token profile data instance

To access the token profile data instance in the navigation panel Dev Studio, click RecordsSecurityToken Profile.

  • Creating token profiles

    Use a JSON Web Token (JWT) to securely exchange information between two different parties. For example, a JWT can carry information about a user that can be used by another party to authenticate the identity of the user.

Related articles

Creating a generation JSON Web Token profileCreating a processing JSON Web Token profilePreviewing the JSON Web Token profile

Tags

Pega Platform 8.7 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us