In JSON Web Token (JWT), the payload contains attributes that carry the identity and contact information of the logged-in customer on your website. These payload attributes are also called the “claims” of the JWT and appear as a name-value pair (Key) where the name is always a string, and the value can be any JSON value.
A JWT needs to be created and signed using one of the provided methods so that Secure Messenger can validate the request source and allow message exchange to the authorized identity.
Secure Messenger offers two methods to sign the customer token.
- Public Key: For the highest level of security, you can use this method by providing a Public key to Secure Messenger for validation, while JWT will be signed with a Private Key securely managed at your end.
- Shared Token: Shared Token is generated by Secure Messenger separately for each instance and securely stored. Given the token must be copied to use in your application, ensure that clipboard has been cleaned after copy-paste operation of the token.
Configure JWT Validation using Provided Public Key
To configure JWT validation using a Public Key, follow these steps:
- Use the RS256 algorithm for signing the Private Key to generate JWT.Note: RS256 is an RSA Digital Signature Algorithm with SHA-256. SHA-256 is an Asymmetric Key Cryptography algorithm that uses a pair of public and private keys to encrypt and decrypt.
- Provide the corresponding Public Key in the Comm100 control panel to validate the JWT.
- Include the Contact Identity Key name and value in the payload.
For example, {"identity": "mark"}Note:- Defining the Contact Identity Key and its value in the payload is mandatory.
- The Contact Identity Key name can be any string of letters. You must also define the same name within the Security tab of Secure Messaging.
Configure JWT Validation using JWKS
To configure JWT validation using JWKS, follow these steps:
- Provide a public URL in Comm100 Control Panel: Ticketing & Messaging > Channels > Secure Messaging > {Secure Messenger} > Security > JSON Web Token (JWT) Validation > JWKS to access the public key sets.
- Follow step # 3 of Configure JWT Validation using Provided Public Key.
Configure JWT Validation using Shared Token
To configure JWT validation using a shared token, follow these steps:
- Create a Shared Secret from the Comm100 Control Panel: Ticketing & Messaging > Channels > Secure Messaging > {Secure Messenger} > Security > JSON Web Token (JWT) Validation > Shared Token.
- Sign the Shared Token generated in the earlier step using the HS256 algorithm to generate JWT.
- Follow step # 3 of Configure JWT Validation using Provided Public Key.
To learn more about sending JWT of authorized customers to Secure Messenger, see this article.