Sign JWT
Create a signed JSON Web Token (JWT) to securely share information.
The Sign JWT block creates a JSON Web Token (JWT) containing a payload of your choice. JWTs are widely used for authentication and secure information exchange between services.
Core Concept: The Digital Passport
Think of a JWT as a digital passport. You provide the information (payload), and the block "stamps" it with a secure signature using your private Secret. Anyone with that secret can later verify that the passport was issued by you and hasn't been tampered with.
The Secret used to sign your token must be kept secure. If someone gains access to it, they can forge their own valid tokens.
Configuration
| Field | Required | Description |
|---|---|---|
| Secret | ✅ | The project secret used to sign the token. |
| Payload | ✅ | An object containing the data you want to store in the token (e.g., user ID, roles). |
| Expires In | — | How long the token remains valid (e.g., 30s, 15min, 12h, 7d). |
| Token Variable | ✅ | The name of the variable that will store the signed JWT string. |
Error Handling
JWT_SIGN_SECRET_MISSING— Triggered when no secret is selected.JWT_SIGN_SECRET_RETRIEVE_ERROR— Triggered if the selected secret cannot be loaded.JWT_SIGN_PAYLOAD_MISSING— Triggered when the payload is empty or not a valid object.JWT_SIGN_VAR_MISSING— Triggered when the output variable name is missing.JWT_SIGN_RUNTIME_ERROR— Triggered if the signing process fails unexpectedly.
Example: Issuing an Access Token
After a successful login, you can issue a token that the user's browser will send with future requests.
- Secret: Select your
APP_JWT_SECRET. - Payload:
{ "user_id": "{user.id}", "role": "admin" } - Expires In: Set to
1h(1 hour). - Token Variable: Enter
access_token. - Result: The variable
{access_token}now contains a string likeeyJhbGciOiJIUzI1Ni....
The user can now present this token to access protected endpoints.
