> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to configure your JSON Web Token flow actions to sign, verify or decode JSON Web Tokens.

# JSON Web Token

This list of <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JSON+Web+Token">JSON Web Token</Tooltip> actions allows you to generate, verify, and decode JWTs in your flows.

## Configure your Vault connection

To configure a Vault connection for your JSON Web Token actions using **HS256 algorithm**, you will need a **Secret:**

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=db753f18692a7042e4c4528cfdd6c896" alt="Dashboard > Actions > Forms > Flows > actions > JSON web token" data-og-width="1404" width="1404" data-og-height="697" height="697" data-path="images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=280&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=51da1b05c86ef5e9618c5572b0bd1188 280w, https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=560&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=a7ee5cf3c5f095715204000630d4a7e8 560w, https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=840&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=3ef118378a9aed104f138da750a32b88 840w, https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=1100&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=20052bae9ee0e3dc9a3993c9d9fabebb 1100w, https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=1650&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=76038b634cad5b176810b7e3aa615dd0 1650w, https://mintcdn.com/docs-staging-quickstart-revamp/AmyDKn5Na0kFZtbL/images/cdy7uua7fh8z/1WnUlIe2QZf39G45PHcQGp/40d768da226a0cefa09c62c5cab78577/jwt-vault-connection.png?w=2500&fit=max&auto=format&n=AmyDKn5Na0kFZtbL&q=85&s=671568478404525da69b8e2c69b54a5a 2500w" />
</Frame>

## Sign JSON web token

Generates a JSON web token.

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/TO6FS4AgTzQGgpsU/images/cdy7uua7fh8z/3XQqUMKrmrc8fUkCsDhI2T/43f7f8d38673d8fa4f9dba7242e044d9/sign-json-web-token.png?fit=max&auto=format&n=TO6FS4AgTzQGgpsU&q=85&s=45f5d641f9036c94157b18124c6b3086" alt="" width="1404" height="1483" data-path="images/cdy7uua7fh8z/3XQqUMKrmrc8fUkCsDhI2T/43f7f8d38673d8fa4f9dba7242e044d9/sign-json-web-token.png" />
</Frame>

### Input settings

<table class="table">
  <thead>
    <tr>
      <th><b>Parameter</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>Payload</td>

      <td>
        Data to encode. We recommend to format it according to OpenID standards.
      </td>
    </tr>

    <tr>
      <td>Subject</td>

      <td>
        Identifies the subject of the JWT.
      </td>
    </tr>

    <tr>
      <td>Issuer</td>

      <td>
        Identifies principal that issued the JWT.
      </td>
    </tr>

    <tr>
      <td>Audience</td>

      <td>
        Identifies the recipients that the JWT is intended. For example:  admin.your\_domain.com
      </td>
    </tr>

    <tr>
      <td>Expires in</td>

      <td>
        Identifies the expiration time on and after which the JWT must not be accepted for processing.
      </td>
    </tr>
  </tbody>
</table>

### Output object

<table class="table">
  <thead>
    <tr>
      <th><b>Property</b></th>
      <th><b>Type</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>token</code></td>
      <td>String</td>
      <td>A JSON web token string.</td>
    </tr>
  </tbody>
</table>

### Output object example

```json lines
{
  "token": "eyJhbGciOiJIUzI1N..."
}
```

## Decode JSON web token

Decodes a provided JSON web token.

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/KCEsvkqT5-VRQ297/images/cdy7uua7fh8z/7I25WVtppllW6qhC5sALvH/70143bbe0d96920e1d9dfabbb1d6aeff/decode-json-web-token.png?fit=max&auto=format&n=KCEsvkqT5-VRQ297&q=85&s=792937566afa943d9cac86159ff826e5" alt="" width="1404" height="660" data-path="images/cdy7uua7fh8z/7I25WVtppllW6qhC5sALvH/70143bbe0d96920e1d9dfabbb1d6aeff/decode-json-web-token.png" />
</Frame>

### Input settings

<table class="table">
  <thead>
    <tr>
      <th><b>Parameter</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>Token (required)</td>

      <td>
        JSON web token string that will be decoded.
      </td>
    </tr>
  </tbody>
</table>

### Output object

<table class="table">
  <thead>
    <tr>
      <th><b>Property</b></th>
      <th><b>Type</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>payload</code></td>
      <td>object</td>
      <td>The decoded and valid JSON web token content</td>
    </tr>
  </tbody>
</table>

### Output object example

```json lines
{
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "payload": {
    "sub": "1234567890",
    "name": "John Doe",
    "iat": 1516239022
  },
  "signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
```

## Verify JSON web token

Verifies the JSON web token data, to determine if it remains intact or has been modified, in order to guarantee its authenticity.

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/3jbELjzzcIN-z8n3/images/cdy7uua7fh8z/15MDJcfZqtC46h6mRPOGcz/55e0785db066a54f836d30199fa5f295/verify-json-web-token.png?fit=max&auto=format&n=3jbELjzzcIN-z8n3&q=85&s=5d9f2698fb19be9e146c9cf9df888b51" alt="" width="1404" height="882" data-path="images/cdy7uua7fh8z/15MDJcfZqtC46h6mRPOGcz/55e0785db066a54f836d30199fa5f295/verify-json-web-token.png" />
</Frame>

### Input settings

<table class="table">
  <thead>
    <tr>
      <th><b>Parameter</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>Token (required)</td>

      <td>
        JSON web token string that will be verified.
      </td>
    </tr>

    <tr>
      <td>Issuer</td>

      <td>
        The issuer of the JWT that will be verified.
      </td>
    </tr>

    <tr>
      <td>Audience</td>

      <td>
        The recipient audience of the JWT is intended that will be verified.
      </td>
    </tr>
  </tbody>
</table>

### Output object

<table class="table">
  <thead>
    <tr>
      <th><b>Property</b></th>
      <th><b>Type</b></th>
      <th><b>Description</b></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>valid</code></td>
      <td>Boolean</td>
      <td>Returns <code>true</code> or <code>false</code> depending on whether or not the JWT has a valid signature.</td>
    </tr>

    <tr>
      <td><code>cause</code></td>
      <td>String</td>
      <td>If the <code>valid</code> property is <code>false</code> a message is displayed.</td>
    </tr>

    <tr>
      <td><code>payload</code></td>
      <td>Object</td>
      <td>The decoded and valid JSON web token content.</td>
    </tr>
  </tbody>
</table>

### Output object example

```json lines
{
  "valid": true,
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "payload": {
    "sub": "1234567890",
    "name": "Jane Doe",
    "iat": 1516239022
  },
  "signature": "SflKxwRJSMe..."
}
```

```json lines
{
  "valid": false,
  "cause": "INVALID_SIGNATURE"
}
```
