Older version2.7 ValvesJWTGenerateJWTTokenVavle


Generates a JSON Web Token, JWT. Typically used in OpenID Connect scenarios.


Name Description Default value Mandatory Supports property expansion
subjectattribute Attribute holding the value put into the sub of the token. true true
keystore ID of the keystore used for signing the token. true false
expire_seconds Number of seconds the jwt token is valid (exp time will be now + this) 90 false false
tokenattributes Any additional attributes to include in the token. Configuration shown in example below. false true

Example Configuration

    "name": "GenerateJWTTokenVavle",
    "enabled": "true",
    "config": {
        "subjectattribute" : "{{session.user_id}}",
        "keystore" : "d2c3094d-f538-4abc-9211-cd26c46606d3",
        "expire_seconds" : "600",


General information

Token TTL is 90 seconds by default.

Attributes always added to the payload are:

  • sub - the user identifier
  • iat - Issued at
  • nbf - Not before
  • exp - Expiration
  • jti - Token identifier

Sign algo is RS256.

Dates are formatted according to:

Value representing the number of seconds from 1970-01-01T00:00:00Z UTC
until the specified UTC date/time, ignoring leap seconds.