Can I generate a JWT token by using the application's private key inside the rule?

I need to generate a JWT token signed by one of my applications inside my rule, to send a request to my server before authorizing the user to log in. I found the solution below, and I can’t get the application’s private key.

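const jwt = require('jsonwebtoken'); // JWT library used by this snippet

// Signs `user` as a JWT with the application's client secret.
function createToken(clientId, clientSecret, issuer, user) {
  const options = {
    expiresInMinutes: 5, // option from older jsonwebtoken releases; newer ones use expiresIn
    audience: clientId,
    issuer: issuer
  };
  return jwt.sign(user, clientSecret, options);
}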

Hi @wubenhe

I don’t think you can. But I don’t think you should, either.

Instead, generate your own key pair, and make sure your middleware accepts either key as appropriate.

But, do you really need a JWT here? Having one introduces a lot of complexity and potential security issues.

John
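The approach suggested in the reply above, as an added example that is not part of the original posts: the rule signs a short-lived RS256 token with a key pair it owns, and the middleware verifies against a set of trusted public keys selected by `kid`. It uses Node's built-in `crypto` instead of `jsonwebtoken`; the function names, `kid` values, issuer and audience are assumptions, and both key pairs are constructed for the demo.

```javascript
const crypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');

// Constructed key pairs: one owned by the rule, one standing in for a key
// the middleware already trusts.
const ruleKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const existingKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Rule side: sign a short-lived token with the rule's own private key.
function signToken(claims, privateKey, kid, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Middleware side: public keys only, looked up by the token's kid (hypothetical ids).
const trustedKeys = new Map([
  ['rule-key-1', ruleKey.publicKey],
  ['existing-key-1', existingKey.publicKey],
]);

function verifyToken(token, keys, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token header choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const now = Math.floor(Date.now() / 1000);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  if (claims.iss !== expected.issuer || claims.aud !== expected.audience) {
    throw new Error('wrong issuer or audience');
  }
  return claims;
}
```

Only the public halves are shared with the middleware, so the application's own secret never has to leave the identity provider.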

Thank you for the confirmation!
I wanted to check whether there is a way to avoid adding another check in my system to allow other access keys.


Hey there!

As this topic is related to Rules - Hooks - Actions, and Rules & Hooks are being deprecated soon, I’m excited to let you know about our next Ask Me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!
