This plugin provides JWT authentication support for API requests. JWT is a compact, URL-safe means of representing claims between two parties, commonly used for authentication and information exchange in modern web applications and APIs.

How JWT Authentication Works

JWT authentication involves creating a signed token containing claims about the user or application. The token is sent in the Authorization header:

Authorization: Bearer <jwt-token>

A JWT consists of three parts separated by dots:

Header: Contains the token type and signing algorithm
Payload: Contains the claims (user data, permissions, expiration, etc.)
Signature: Ensures the token hasn't been tampered with

Usage

Configure the request, folder, or workspace to use JWT Authentication
Set up your signing algorithm and secret/key
Configure the required claims for your JWT
The plugin will generate, sign, and include the JWT in your requests

Common Use Cases

JWT authentication is commonly used for:

Microservices Authentication: Service-to-service communication
API Gateway Integration: Authenticating with API gateways
Single Sign-On (SSO): Sharing authentication across applications
Stateless Authentication: No server-side session storage required
Mobile App APIs: Secure authentication for mobile applications
Third-party Integrations: Authenticating with external services

Troubleshooting

Invalid Signature: Check your secret/key and algorithm configuration
Token Expired: Verify expiration time settings
Invalid Claims: Ensure required claims are properly configured
Algorithm Mismatch: Verify the algorithm matches what the API expects
Key Format Issues: Ensure RSA keys are in the correct PEM format