JWT module

Last update: March 14, 2025

The Adobe Workfront Fusion JWT app provides a module that creates JWT tokens based on the provided algorithm.

Access requirements

Expand to view access requirements for the functionality in this article.

You must have the following access to use the functionality in this article:

Adobe Workfront package	Any
Adobe Workfront license	New: Standard Or Current: Work or higher
Adobe Workfront Fusion license**	No Workfront Fusion license requirement
Product	New: Select or Prime Workfront package: Your organization must purchase Adobe Workfront Fusion. Ultimate Workfront package: Workfront Fusion is included. Or Current: Your organization must purchase Adobe Workfront Fusion.

For more detail about the information in this table, see Access requirements in documentation.

For information on Adobe Workfront Fusion licenses, see Adobe Workfront Fusion licenses.

The JWT connector uses the following:

API tag

v1.1.5

This module generates a JWT based on the selected algorithm.

Algorithm

Select algorithm with which you want to generate the JWT.

HS256: HMAC using SHA-256 hash algorithm
HS384: HMAC using SHA-384 hash algorithm
HS512: HMAC using SHA-512 hash algorithm
RS256: RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm
RS384: RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm
RS512: RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm
PS256: RSASSA-PSS using SHA-256 hash algorithm (only Node ^6.12.0 OR >=8.0.0)
PS384: RSASSA-PSS using SHA-384 hash algorithm (only Node ^6.12.0 OR >=8.0.0)
PS512: RSASSA-PSS using SHA-512 hash algorithm (only Node ^6.12.0 OR >=8.0.0)
ES256: ECDSA using P-256 curve and SHA-256 hash algorithm
ES384: ECDSA using P-384 curve and SHA-384 hash algorithm
ES512: ECDSA using P-521 curve and SHA-512 hash algorithm

Payload For each payload item you want to add, click Add item and enter the item's key and value.

Options

For each option item you want to add, click Add item and enter the item's key and value.

The following keys are available:

algorithm: (default: RS256)
expiresIn: Expressed in seconds or a string describing a time span (e.g., 2 days, 10h, 7d). A numeric value is interpreted as a seconds count. If you use a string, be sure to provide the time units (days, hours, etc.), otherwise milliseconds unit is used by default (120 is equal to 120ms).
notBefore: Expressed in seconds or a string describing a time span (e.g., 2 days, 10h, 7d). A numeric value is interpreted as a seconds count. If you use a string, be sure to provide the time units (days, hours, etc.), otherwise milliseconds unit is used by default (120 is equal to 120ms).
audience
issuer
jwtid
subject
noTimestamp
header
keyid
mutatePayload: If true, the sign function will modify the payload object directly. This is useful if you need a raw reference to the payload after claims have been applied to it but before it has been encoded into a token.
allowInsecureKeySizes: If true, allows private keys with a modulus below 2048 to be used for RSA.
allowInvalidAsymmetricKeyTypes: If true, allows asymmetric keys which do not match the specified algorithm. This option is intended only for backward compatibility and should be avoided.

recommendation-more-help