Issuing JWT Access Tokens

Liferay DXP 7.4 U45+/GA45+

You can configure Liferay to issue access tokens in the JWT format from System Settings.

Enabling JWT Tokens

Open the Global Menu () and navigate to Control Panel → System Settings.
Select OAuth2 and go to Authorization Server Configuration.
Check the box to Issue JWT Access Token.
Paste a JSON Web Key for signing the JWT access tokens. This is mandatory if you check the above checkbox.
Click Update.

Note

Starting with Liferay DXP 7.4 U55+/GA55+, access tokens are issued using the JWT format by default. A JSON Web Key is auto-generated on Liferay startup.

Verifying JWT Access Tokens

Liferay DXP 7.4 U49+/GA49+

After enabling the above setting, Liferay issues JWT access tokens. Clients can verify these tokens by using Liferay’s JWKS URI.

https://[hostname]/o/oauth2/jwks

You can retrieve the JSON Web Key Set by executing the following cURL command:

curl "https://[hostname]/o/oauth2/jwks"

Given below is a sample JWKS from Liferay:

{
    "keys": [
        {
            "kty": "RSA",
            "kid": "authServer",
            "alg": "RS256",
            "n": "w8VOUxOrtWDiPaovmxcUYdrgQVVncFk_jrd2CSaEp1ad626sreDEm6qe--9-aWwN8ykLgYtFh_15sDK1prMaGYBm-AnvGRc6cnIljr5VPHGBbKy4Blq-U_Fc-AvaBJ7M0I63TIkbOGEl94fkj4cCiRuxdueWYuTdnyrtD9LxtgqHRn9SJ7itXBtjPOyGTCiKfT3kkn0FGyUI4EfK9BWK1aOpGC_L4QuvE4n3NbikKdGsqb2ADstUTqZDI10h4q89GWo8C9Sk60O72nVA7d3Fqn1HXBzs3pLLxE9TH3gLAdVOct6_dyD4mOCeTty6F2EH7s9yXjvWp_aM1VurNj5rqw",
            "e": "AQAB"
        }
    ]
}