JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
JWT's are useful for functionalities - Authorization, Single Sign On is a feature that widely uses JWT now, because of its small overhead and its ability to be easily used across different domains, and Information Exchange, securely transmitting information between parties because JWTs can be signed.
Source: JWT
JSON Web Token Structure with example output created in DataWeave Playground :
A JWT is represented as a sequence of base64url encoded values that are separated by period characters.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJmaXJzdE5hbWUiOiJTaGFyYXRoIiwibGFzdE5hbWUiOiJHb3dkYSJ9.
7CnVolSRu4OK0dxrTkCMcJQg42agWOO51W7y2fXwBXw
Color-coded: Header (Green), Payload (Red) and Signature (Blue).
This codelab contains the step-by-step procedures to create signed JSON Web Tokens using MuleSoft Anypoint Studio.
How to import external modules locally onto Mule Project in Studio?
How to include and use a previously created DataWeave module in a Mule application?
How to implement creation of signed JWT's in Anypoint Studio?
The commands are executed in MAC Terminal and Windows CMD Prompt.
JAVA_HOME="<Local Folder Path to JDK>/{JAVA8-JDK}/Contents/Home" PATH="${JAVA_HOME}/bin:${PATH}" export PATH
M2_HOME="<Local Folder Path to Maven>/{apache-maven-version}" PATH="${M2_HOME}/bin:${PATH}" export PATH
java -version mvn -version
Note: Any Modules which are added from external sources will follow the similar steps.
git clone https://github.com/mulesoft-consulting/jwt-dw-module.git
mvn install -DskipTests
Following output must be seen in your terminal after completing all the steps.
Note: Any Modules which are added from external sources after being added to .m2 repository, must be added as "dependency" in pom.xml of Mule Project in Anypoint Studio.
<dependency> <groupId>io.syntaxsugar.dataweave</groupId> <artifactId>jwt-dw-module</artifactId> <version>1.1.0</version> </dependency>
Now we can generate signed JWTs by importing required libraries from the installed Module.
Transform Message
" component from the palette and copy this simple code snippet to create signed JWT. %dw 2.0 import jwt::HMAC output application/json --- HMAC::JWT({ "firstName": "Sharath", "lastName": "Gowda" }, "MuleSoft123!")
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdE5hbWUiOiJTaGFyYXRoIiwibGFzdE5hbWUiOiJHb3dkYSJ9.7CnVolSRu4OK0dxrTkCMcJQg42agWOO51W7y2fXwBXw
src/test/dwjwt
, create a new folder called HMAC_Payload_Only
. This folder will contain a unit test against which we are testing calling HMAC::JWT
with only a payload and key.src/test/dwjwt/HMAC_Payload_Only
, create transform.dwl
and paste the following code:%dw 2.0 import jwt::HMAC output application/json --- HMAC::JWT({ "firstName": "Sharath", "lastName": "Gowda" }, "MuleSoft123!")
src/test/dwjwt/HMAC_Payload_Only
, create output.json
and paste the following:"eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0.eyJmaXJzdE5hbWUiOiAiU2hhcmF0aCIsImxhc3ROYW1lIjogIkdvd2RhIn0.Jrmtj5GA7bOVR8fa_n7jwKpPha48e7dvZVRDGIqnbsE"
mvn test
In this codelab, you learned how to import modules into your Mule project in Anypoint Studio and use them in your flows.
Happy learning.