Retrieving JWT Token

Edit online

About this task

You can retrieve JWT using one of the following ways:
  • Retrieve with static payload: This method is used to retrieve an access token for a general access. You can retrieve the JWT token either by using your internet browser or a REST client.
  • Retrieve using an Application Id: This method is used to retrieve an access token to be used for a particular application.

To retrieve a JWT token using internet browser

  1. Open your internet browser.

  2. Perform one of the following steps to retrieve access token:

    • To retrieve the access token with static payload, provide the following URL in the browser, with the IP of API Gateway in place of local host and press enter: 
      http://localhost:5555/rest/pub/apigateway/jwt/getJsonWebToken
    • To retrieve the access token for a particular application, provide the following URL, with the IP of API Gateway and required application Id: 
      http://localhost:5555/rest/pub/apigateway/jwt/getJsonWebToken?
app_id=applicationId

      For example,

      https://localhost:5556/rest/pub/apigateway/jwt/getJsonWebToken?
app_id=9502c862-9e67-4726-bc13-598df42c7fb6

The JWT token is displayed:

The subject claim of the token generated by making a GET call will be the username of user who calls the JWT endpoint.
Note: You must use HTTPS protocol when retrieving JWT token. If you want to use the HTTP protocol, you must set the pg_JWT_isHTTPS setting in the Administration > Extended Settings to false.

To retrieve a JWT token using a REST client

Before you begin:

  • You must configure API Gateway as a JWT issuer. If it is not set as a JWT issuer, you can configure it by navigating to Administration> Security> JWT/OAuth/OpenID> JWT Configuration in API Gateway.
  • You must be an API Gateway user.
  1. Open your REST client.
  2. Provide the following URL in the input section to make a GET call, with the IP address of the system where API Gateway is installed:
    http://localhost:5555/rest/pub/apigateway/jwt/getJsonWebToken
  3. Set the type of authentication header to Basic Auth.
  4. Provide your credentials for authorization.
  5. Invoke the endpoint to get the JWT token.

The token generated will be a base64 encoded JWT token.

The subject claim of the token generated by making the GET call will be the username of the user who calls the JWT endpoint. The audience and issuer will be the values configured in the authorization server.