Token profile data instance

Create a JSON Web Token (JWT) profile data instance to confirm a user's identity between two different processes. You can configure Pega Platform to act as both a producer and a consumer of JWTs.

JWT is an open standard that defines a compact and self-contained method to securely exchange information between different parties as a JSON object. For example, the token can contain information about a user that another party can use to validate the identity of the user.

The Pega Platform server can act as a trusted third party that generates or validates a JWT after you fill out the token profile form and provide the required information.

Token profiles

Use a JWT to securely exchange information between two different parties. For example, a JWT can carry information about a user that another party can use to authenticate the identity of the user.

Token profiles have two purposes:

  • generation
  • processing

Generation token profiles

A generation token profile specifies how Pega Platform generates a given JWT.

The generation JWT profile data instance consists of the following pieces:

  • one or more headers
  • claims
  • security configuration that specifies one of the following:
    • no security
    • a signed token
    • an encrypted token
    • a combination that uses both signing and encryption

You can use the profile to specify the following information:

  • token lifetime
  • timeout option
  • whether the profile should include a processing JWT profile

You can use JWTs to exchange information securely between Pega Platform and another party. The following table lists common uses for JWTs in Pega Platform:

JWT uses in Pega Platform JWT
Authentication Holds user information that can be used by another party to authenticate the identity of the user presenting the token.

By default, Pega Platform automatically adds the following claims to the JWT header when it generates the token:

| JWT header claim | Description |
|---|---|
| alg | The configured JWS algorithm, if you added one in the Security section on the Generation tab. |
| typ | The type is always JWT. |
| kid | The key ID, a unique ID that the JWT runtime process generates for each token. |
| crit | Headers that are marked as critical on the Generation tab. |

When you create a generation token profile, Pega Platform supports the following fields:

| Security configuration | Supported fields |
|---|---|
| Signature | Signature type, Signature algorithm, Keystore, Alias, and Password. |
| Encryption | Encryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type. |
| Signature & Encryption | For JSON Web Signature (JWS): Signature type, Signature algorithm, Keystore, Alias, and Password. For JSON Web Encryption (JWE): Encryption type, Key encryption algorithm, Password, Truststore, Alias, and Content encryption type. |
| None | N/A |

To create a Generation JSON Web Token, see Creating a generation JSON Web Token profile.

Processing token profiles

A processing token profile specifies how Pega Platform validates the signature and decrypts each JSON Web Token that it receives.

The processing JWT profile data instance consists of the following:

  • one or more claims validations
  • claims mappings
  • security configuration that specifies one of the following:
    • signing
    • decryption
    • combination that uses both signing and decryption
    • no security

You can use JWTs to exchange information securely between Pega Platform and another party. The following table lists common uses for JWTs in Pega Platform:

JWT uses in Pega Platform JWT
Authentication Holds user information that can be used by another party to authenticate the identity of the user presenting the token.

When you create a processing token profile, Pega Platform supports the following fields:

  • Signature configuration
  • Signature type
  • Truststore

To create a Processing JSON Web Token, see Creating a processing JSON Web Token profile.
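As an added illustration (not Pega Platform code), the Python sketch below shows the checks a consumer of a signed JWT makes on the header claims described above (alg, typ, crit), the signature, and the token lifetime. It assumes an HS256 shared secret; the helper names, key, and sample values are hypothetical and constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header, claims, key):
    """Producer side (hypothetical helper): compact HS256-signed JWT."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def process_token(token, key, expected_alg="HS256", understood_crit=frozenset(), now=None):
    """Consumer side (hypothetical helper): return claims or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin alg from local configuration; a token must not choose its own algorithm.
    if header.get("alg") != expected_alg or header.get("typ") != "JWT":
        raise ValueError("unexpected alg or typ")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    # RFC 7515: a header named in crit that the consumer does not understand is fatal.
    for name in header.get("crit", []):
        if name not in understood_crit or name not in header:
            raise ValueError(f"unsupported critical header: {name}")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the signature holds
    # Token lifetime: a missing exp is treated as already expired.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed sample key, not a real secret
    token = make_token({"alg": "HS256", "typ": "JWT", "kid": "demo-1"}, {"sub": "user1", "exp": 2000}, key)
    print(process_token(token, key, now=1000))
```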

Access token profile data instance

To access the token profile data instance, in the navigation panel of Dev Studio, click Records > Security > Token Profile.

  • Creating a token profile

    Use a JSON Web Token (JWT) to exchange information securely between two different parties. For example, a JWT can carry information about a user that can be used by another party to authenticate the identity of the user.
