FluxyAPIFluxyAPI
BlocksTokens & Crypto

Sign JWT

Create a signed JSON Web Token (JWT) to securely share information.

The Sign JWT block creates a JSON Web Token (JWT) containing a payload of your choice. JWTs are widely used for authentication and secure information exchange between services.

Core Concept: The Digital Passport

Think of a JWT as a digital passport. You provide the information (payload), and the block "stamps" it with a secure signature using your private Secret. Anyone with that secret can later verify that the passport was issued by you and hasn't been tampered with.

Keep Secrets Secret

The Secret used to sign your token must be kept secure. If someone gains access to it, they can forge their own valid tokens.

Configuration

FieldRequiredDescription
SecretThe project secret used to sign the token.
PayloadAn object containing the data you want to store in the token (e.g., user ID, roles).
Expires InHow long the token remains valid (e.g., 30s, 15min, 12h, 7d).
Token VariableThe name of the variable that will store the signed JWT string.

Error Handling

  • JWT_SIGN_SECRET_MISSING — Triggered when no secret is selected.
  • JWT_SIGN_SECRET_RETRIEVE_ERROR — Triggered if the selected secret cannot be loaded.
  • JWT_SIGN_PAYLOAD_MISSING — Triggered when the payload is empty or not a valid object.
  • JWT_SIGN_VAR_MISSING — Triggered when the output variable name is missing.
  • JWT_SIGN_RUNTIME_ERROR — Triggered if the signing process fails unexpectedly.

Example: Issuing an Access Token

After a successful login, you can issue a token that the user's browser will send with future requests.

  1. Secret: Select your APP_JWT_SECRET.
  2. Payload:
    {
      "user_id": "{user.id}",
      "role": "admin"
    }
  3. Expires In: Set to 1h (1 hour).
  4. Token Variable: Enter access_token.
  5. Result: The variable {access_token} now contains a string like eyJhbGciOiJIUzI1Ni....

The user can now present this token to access protected endpoints.

On this page