JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JWT's are useful for functionalities - Authorization, Single Sign On is a feature that widely uses JWT now, because of its small overhead and its ability to be easily used across different domains, and Information Exchange, securely transmitting information between parties because JWTs can be signed.

Source: JWT

JSON Web Token Structure with example output created in DataWeave Playground :

A JWT is represented as a sequence of base64url encoded values that are separated by period characters.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.

eyJmaXJzdE5hbWUiOiJTaGFyYXRoIiwibGFzdE5hbWUiOiJHb3dkYSJ9.

7CnVolSRu4OK0dxrTkCMcJQg42agWOO51W7y2fXwBXw

Color-coded: Header (Green), Payload (Red) and Signature (Blue).

This codelab contains the step-by-step procedures to create signed JSON Web Tokens using MuleSoft Anypoint Studio.

What you'll learn

How to import external modules locally onto Mule Project in Studio?

How to include and use a previously created DataWeave module in a Mule application?

How to implement creation of signed JWT's in Anypoint Studio?

What you'll need

JWT Module Project

https://github.com/mulesoft-consulting/jwt-dw-module

The commands are executed in MAC Terminal and Windows CMD Prompt.

  1. Check your local if JAVA is installed. JAVA8 and JAVA11 are compatible versions with most of the modules and below commands must be used to set it up locally.
JAVA_HOME="<Local Folder Path to JDK>/{JAVA8-JDK}/Contents/Home"
PATH="${JAVA_HOME}/bin:${PATH}"
export PATH
  1. Check your local if MAven is installed. Setup Apache Maven locally by executing below commands.
M2_HOME="<Local Folder Path to Maven>/{apache-maven-version}"
PATH="${M2_HOME}/bin:${PATH}"
export PATH
  1. Execute below commands to check the installations.
java -version
mvn -version
Note: Any Modules which are added from external sources will follow the similar steps. 
  1. Clone the repository to your local system. JWT Module Code:https://github.com/mulesoft-consulting/jwt-dw-module
git clone https://github.com/mulesoft-consulting/jwt-dw-module.git
  1. Remove "-SNAPSHOT" word from the pom.xml in the cloned repository of the Module.
  1. Run the below command inside the folder containing the pom.xml
mvn install -DskipTests
  1. "BUILD SUCCESS" ensures the dependency has been added to local .m2 Maven repository.

Following output must be seen in your terminal after completing all the steps.

Note: Any Modules which are added from external sources after being added to .m2 repository, must be added as "dependency" in pom.xml of Mule Project in Anypoint Studio.
  1. Add the below code snippet to your Mule Project's pom.xml
<dependency>
  <groupId>io.syntaxsugar.dataweave</groupId>
  <artifactId>jwt-dw-module</artifactId>
  <version>1.1.0</version>
</dependency>

Now we can generate signed JWTs by importing required libraries from the installed Module.

  1. Drag "Transform Message" component from the palette and copy this simple code snippet to create signed JWT.
%dw 2.0
import jwt::HMAC
output application/json
---
HMAC::JWT({
           "firstName": "Sharath",
           "lastName": "Gowda"
         }, "MuleSoft123!")  
  1. The output if saved in variable or shown in console via Logger component.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdE5hbWUiOiJTaGFyYXRoIiwibGFzdE5hbWUiOiJHb3dkYSJ9.7CnVolSRu4OK0dxrTkCMcJQg42agWOO51W7y2fXwBXw 
  1. Verify the signature created at JWT.io .

  1. In src/test/dwjwt, create a new folder called HMAC_Payload_Only. This folder will contain a unit test against which we are testing calling HMAC::JWT with only a payload and key.
  2. In src/test/dwjwt/HMAC_Payload_Only, create transform.dwl and paste the following code:
%dw 2.0
import jwt::HMAC
output application/json
---
HMAC::JWT({
           "firstName": "Sharath",
           "lastName": "Gowda"
         }, "MuleSoft123!")  
  1. In src/test/dwjwt/HMAC_Payload_Only, create output.json and paste the following:
"eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0.eyJmaXJzdE5hbWUiOiAiU2hhcmF0aCIsImxhc3ROYW1lIjogIkdvd2RhIn0.Jrmtj5GA7bOVR8fa_n7jwKpPha48e7dvZVRDGIqnbsE"
  1. Open your local system's terminal and run below command.
mvn test
  1. Following output shown in the terminal indicates that the test is passing.

In this codelab, you learned how to import modules into your Mule project in Anypoint Studio and use them in your flows.

Happy learning.