I read about JWT and I think I understand how it works, but when it comes to the Ballerina examples I don't understand anything:

How do I set the algorithm which I want to use along with JWT and the expiration time?

How do I use a custom private key?

How can I get the token from this example, for instance "https://ballerina.io/learn/by-example/secured-service-with-jwt-auth"?

Maybe, how can I get the token using CURL (for testing purposes)?

Also, I'm wondering how to use JWT without the need of having a database with users and passwords.

I'm absolutely new to security and also to Ballerina. Can anybody help, please?

Under_Ice

1 Answer

The Ballerina JWT module [1] provides the following functionalities.

  1. Issue a JWT

    You can issue/generate a JWT by providing jwt:JwtIssuerConfig. You can configure username, issuer, audience, expiration time, signing algorithm, custom claims and configuration for signature (key-store config). Please refer to API docs of jwt:JwtIssuerConfig [2]. Example code can be found at [3].

  2. Validate a JWT

    You can validate a JWT by providing jwt:JwtValidatorConfig. You can configure expected issuer, expected audience, clock skew, cache configurations and configurations for validating signature (trust-store config). Please refer to API docs of jwt:JwtValidatorConfig [4]. Example code can be found at [3].

  3. Secure a service with JWT

    You can use JWT to secure an HTTP service. The Authorization header of the inbound HTTP request will get validated and authenticated according to the provided configurations. Please refer to API docs of jwt:InboundJwtAuthProvider [5]. Example code can be found at [6].

  4. Calling a service with JWT

    You can use JWT to call an external server which is authenticated with JWT. The outbound HTTP request is prepared with the Authorization header according to the provided configurations. Please refer to API docs of jwt:OutboundJwtAuthProvider [7]. Example code can be found at [8].

Answers for the questions:

How do I set the algorithm which I want to use along with JWT and the expiration time?

You can configure jwt:JwtIssuerConfig [2] as described above.

How do I use a custom private key?

You can configure the jwt:JwtKeyStoreConfig field of jwt:JwtIssuerConfig [2], with your custom private key.

How can I get the token from this example, for instance "https://ballerina.io/learn/by-example/secured-service-with-jwt-auth"? Maybe, how can I get the token using CURL (for testing purposes)?

This is a sample service which is secured with JWT. The token used to invoke this service is provided at the bottom of the sample. How to invoke this service with CURL is also provided.

Also, I'm wondering how to use JWT without the need of having a database with users and passwords.

All of the above samples do not need any database or file store. All the configurations are provided in the code itself. If there is any requirement to retrieve data from a database, that is also possible.

References:

[1] https://ballerina.io/learn/api-docs/ballerina/jwt/index.html

[2] https://ballerina.io/learn/api-docs/ballerina/jwt/records/JwtIssuerConfig.html

[3] https://ballerina.io/learn/by-example/jwt-issue-validate.html

[4] https://ballerina.io/learn/api-docs/ballerina/jwt/records/JwtValidatorConfig.html

[5] https://ballerina.io/learn/api-docs/ballerina/jwt/objects/InboundJwtAuthProvider.html

[6] https://ballerina.io/learn/by-example/secured-service-with-jwt-auth.html

[7] https://ballerina.io/learn/api-docs/ballerina/jwt/objects/OutboundJwtAuthProvider.html

[8] https://ballerina.io/learn/by-example/secured-client-with-jwt-auth.html

Chanaka Lakmal
  • Thanks for the explanation! Now I have another question. I don't see any information about issuing a JWT with a 'scope' attribute, how can I achieve that? Thanks in advance!! @Idclakmal – Under_Ice Apr 27 '20 at 10:32
  • @Under_Ice You can add the `scope` attribute under `customClaims` of `jwt:JwtIssuerConfig`. Please refer to the following sample.

    ```ballerina
    jwt:JwtIssuerConfig config = {
        issuer: "ballerina",
        audience: ["ballerina.org", "ballerina.io"],
        customClaims: {"scope": "hello"},
        keyStoreConfig: {
            // keystore config
        }
    };
    ```

    – Chanaka Lakmal Apr 27 '20 at 15:55
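
An added example, not part of the original answer and not Ballerina's own code: a Python sketch of what the issuer settings discussed above (algorithm, expiration time, issuer, audience, a custom `scope` claim) become inside the token, and which checks a validator runs on it without any user database. The function names, the secret and the sample values are assumptions, and HS256 with a shared secret stands in for the key-store based signing that the Ballerina configuration uses.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(secret, issuer, audience, subject, ttl, custom_claims, now=None):
    """Hypothetical issuer: fixed algorithm, expiry = now + ttl seconds."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Registered claims are written last so custom claims cannot override them.
    payload = {**custom_claims, "iss": issuer, "aud": audience, "sub": subject, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate(token, secret, issuer, audience, clock_skew=0, now=None):
    """Hypothetical validator: returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise ValueError
    except ValueError:
        raise ValueError("malformed token") from None
    # The validator pins the algorithm; the token header does not get to choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if payload.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = payload.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("unexpected audience")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + clock_skew:
        raise ValueError("token expired")
    return payload
```

Everything the service needs to decide (who issued the token, for which audience, until when, with which `scope`) travels inside the signed token, which is why no user store is consulted at validation time.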