JSON Web Token (JWT) is an open standard used in sharing information securely between a client and a server as a JSON object. It is an encoded JSON composed of three string segments— Header, Payload, and Signature concatenated with periods.
Generally, JWTs are signed with a private key when they are generated and then validated with a public key upon receipt so that you can verify that the token hasn’t been modified in transit. To use Secure Messaging, you must authorize a contact by sharing a JWT with Comm100. A validation method for this JWT must be set up in the Secure Messaging Security configuration.
Comm100 supports three validation methods—Public Key, JWKS, and Shared Token.
Public Key
You can provide the Public Key in the Public Key text field to validate Contact JWT.
For example:
JSON Web Key Set (JWKS)
You can also provide JWKS to validate Contact JWT. The JWKS is a set of keys containing the public keys used to verify any JWT issued by the authorization server and signed using the RS256 signing algorithm.
Provide the JWKS URL from which public keys can be fetched to verify and validate the JWT sent to Comm100.
For example:
Shared Token
You can also use Shared Token to sign your JWT. A new Shared Secret is generated every time you Reset the token.
For example:
To learn how to send a JWT validation to Comm100 to identify contact and set other contact and contact identity attributes, see this article.