Issuing JWT Access Tokens
Liferay DXP 7.4 U45+/GA45+
You can configure Liferay to issue access tokens in the JWT format from System Settings.
Enabling JWT Tokens
- Open the Global Menu and navigate to Control Panel → System Settings.
- Select OAuth2 and go to Authorization Server Configuration.
- Check the box to Issue JWT Access Token.
- Paste a JSON Web Key for signing the JWT access tokens. This is mandatory if you check the above checkbox.
- Click Update.
Starting with Liferay DXP 7.4 U55+/GA55+, access tokens are issued using the JWT format by default. A JSON Web Key is auto-generated on Liferay startup.
Verifying JWT Access Tokens
Liferay DXP 7.4 U49+/GA49+
After enabling the above setting, Liferay issues JWT access tokens. Clients can verify these tokens by using Liferay’s JWKS URI.
https://[hostname]/o/oauth2/jwks
You can retrieve the JSON Web Key Set by executing the following cURL command:
curl "https://[hostname]/o/oauth2/jwks"
Given below is a sample JWKS from Liferay:
{
  "keys": [
    {
      "kty": "RSA",
      "kid": "authServer",
      "alg": "RS256",
      "n": "w8VOUxOrtWDiPaovmxcUYdrgQVVncFk_jrd2CSaEp1ad626sreDEm6qe--9-aWwN8ykLgYtFh_15sDK1prMaGYBm-AnvGRc6cnIljr5VPHGBbKy4Blq-U_Fc-AvaBJ7M0I63TIkbOGEl94fkj4cCiRuxdueWYuTdnyrtD9LxtgqHRn9SJ7itXBtjPOyGTCiKfT3kkn0FGyUI4EfK9BWK1aOpGC_L4QuvE4n3NbikKdGsqb2ADstUTqZDI10h4q89GWo8C9Sk60O72nVA7d3Fqn1HXBzs3pLLxE9TH3gLAdVOct6_dyD4mOCeTty6F2EH7s9yXjvWp_aM1VurNj5rqw",
      "e": "AQAB"
    }
  ]
}