How to Set Up and Use JWT
- Updated on 01 Sep 2023
JWT (JSON Web Token) is a web-based token format utilized for transferring information between devices in the form of a JSON object. It serves as a secure means of transmitting data between parties in a compact and self-contained structure. JWTs are commonly employed to reference and securely transmit user context session data between clients and servers.
In Decisions, JWTs represent a user's session. The token expires once the user's session is no longer valid.
JWT Flow Steps
There are two JWT Flow steps located in the Steps panel under Integration > Internal Services > AccountService.
- Login and Get JWT Token
- Get Context From JWT Token
Login and Get JWT Token
- This Flow step takes a username and password as inputs, hashes (signs) that account information with the configured algorithm and the default shared secret key found in the Portal settings, and outputs the resulting token.
- The Login And Get JWT Token step authenticates using an Account's login credentials and then outputs the token.
- Any account that can log in to the Portal can be used to obtain a token.
How to Change JWT Secret Key
This secret key can be changed by typing in a new key in the integration settings. It is found under System > Settings > Integration Settings.
Get Context From JWT Token
This Flow step takes in a JWT token as an input and then outputs five pieces of information:
| Output | Description |
| --- | --- |
| SessionValue | The user session of the Account running the Flow. |
| ClientEventSessionId | Ties session updates to what is being seen on a browser page. |
| DisplayType | Refers to SilverLight, HTML, HTMLmobile, or HTMLtablet. |
| StudioPortal | Set to true if the user Account is a studio user. |
| BrowserUserAgent | The string that browsers use to determine their behavior. |
Below is a screencap for the output of the step, highlighting the returned values:
Changing Passwords
If an account's password changes, the token will still be valid and usable. To invalidate a JWT token at the same time as a password change, go to System > System Settings > Portal Settings and select Forcibly Close Sessions When Password Changed.
Get JWT Token In An API Call
- To access a JWT token through the API, call the Account Service methods LoginAndGetJWTToken, Validate Token, Context Token, and Get JWKS, for example:
http://{BasePortalURL}/Decisions/Primary/REST/AccountService/LoginAndGetJWTToken?outputType=JSON&userName=example@decisions.com&password=example
- To find the BasePortalURL, open the Portal in a web browser and check its address. Alternatively, the BasePortalURL can be found by searching for BasePortalURL in Settings.xml.
- The BasePortalURL will usually be the first two fields after "http://". By default, local installs of Decisions will usually be "http://localhost/decisions", or "http://localhost" if it is a root install.
- In production environments, it may be "https://CompanyDNSname.com/decisions", or "https://CompanyDNSname.com/" if it is a root install.
- For local installs, this is what a call looks like:
- Next, select the Authorization header tab and fill in the following fields:
- Type: “Bearer Token”
- Token: “Paste JWT Token Here”
Calling APIs to run Flow/Rule/Report
Once a JWT token is created, calls can be made to access Flows, Rules, and Reports. Below is an example highlighting accessing a specific flow on localhost.
- URL:
http://{BasePortalURL}/Decisions/Primary/?FlowId={FlowId/ReportId/RuleId/TruthTableId}&Action=api&outputtype=JSON
- HTTP Header: Authorization: Bearer (JWT token)
- For instance, this is what a call to run a Flow with id f5cc8ed9-216e-11ea-888b-b42e996c6738 looks like on localhost.
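The two-call sequence above (LoginAndGetJWTToken, then a Bearer-authenticated Flow call) as an added Python example; this is not Decisions' own code. The URL shapes follow the templates on this page, `sign_hs256` is a constructed stand-in for the token the Login step issues so the check can run offline, and HMAC-SHA256 (HS256) with the shared secret key from Integration Settings is an assumption about the signing algorithm.

```python
import base64, hashlib, hmac, json
import urllib.parse
import urllib.request
from typing import Optional

SERVICE = "/Decisions/Primary/REST/AccountService"  # path shape taken from the page

def login_url(base: str, user_name: str, password: str) -> str:
    """LoginAndGetJWTToken call; urlencode() escapes '@', '&' etc. in credentials."""
    q = urllib.parse.urlencode({"outputType": "JSON", "userName": user_name, "password": password})
    return f"{base}{SERVICE}/LoginAndGetJWTToken?{q}"

def flow_url(base: str, element_id: str) -> str:
    """URL that runs a Flow/Rule/Report by id with Action=api and JSON output."""
    q = urllib.parse.urlencode({"FlowId": element_id, "Action": "api", "outputtype": "JSON"})
    return f"{base}/Decisions/Primary/?{q}"

def bearer_header(token: str) -> dict:
    """HTTP header the authenticated Flow/Rule/Report call needs."""
    return {"Authorization": f"Bearer {token}"}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims: dict, shared_key: str) -> str:
    """Constructed stand-in for the token the Login step issues (HS256 assumed)."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(shared_key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(mac)}"

def verify_hs256(token: str, shared_key: str) -> Optional[dict]:
    """Return the claims only if the HMAC matches the shared secret key, else None.
    The algorithm is pinned here, not read from the token header, so a token
    carrying 'alg: none' or an empty signature is rejected like any other bad MAC."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(shared_key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(body))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None

def run_flow(base: str, element_id: str, token: str) -> dict:
    """The authenticated call from the page (network I/O; not exercised offline)."""
    req = urllib.request.Request(flow_url(base, element_id), headers=bearer_header(token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```

Rotating the key in Integration Settings makes `verify_hs256` fail for every token issued under the old key, which is the effect to expect after changing the JWT secret.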