Generates a JSON Web Token, JWT. Typically used in OpenID Connect scenarios.


Name Description Default value Mandatory Supports property expansion
subjectattribute Attribute holding the value put into the sub of the token. true true
keystore ID of the keystore used for signing the token. true false
tokenattributes Any additional attributes to include in the token. Configuration shown in example below. false true

Example Configuration

    "name": "GenerateJWTTokenVavle",
    "enabled": "true",
    "config": {
        "subjectattribute" : "{{session.user_id}}",
        "keystore" : "d2c3094d-f538-4abc-9211-cd26c46606d3",


General information

Token TTL is 90 seconds.

Attributes always added to the payload are:

  • sub - the user identifier
  • iat - Issued at
  • nbf - Not before
  • exp - Expiration
  • jti - Token identifier

Sign algo is RS256.

Dates are formatted according to:

Value representing the number of seconds from 1970-01-01T00:00:00Z UTC
until the specified UTC date/time, ignoring leap seconds.