JWT Node

Processes JWTs in one of three operations: decode, verify, or sign.

Config and inputs (code-grounded)

config.operation: decode | verify | sign
Verify mode:
- config.method: hs256 or jwks
- config.secret for hs256
- config.jwks_url for jwks
- optional config.issuer, config.audience
- input token
Sign mode:
- config.secret (required)
- config.algorithm: HS256 (default), HS384, HS512
- optional config.expiry_seconds
- input claims

Outputs/branches

In verify mode, uses matched_output with valid and invalid.
In decode mode, returns header + payload (no signature validation).
In sign mode, returns token.

Example usage snippet

{
  "id": "n_jwt",
  "type": "jwt_node",
  "config": {
    "operation": "verify",
    "method": "jwks",
    "jwks_url": "https://issuer.example.com/.well-known/jwks.json",
    "issuer": "https://issuer.example.com/",
    "audience": "orders-api"
  },
  "inputs": {
    "token": "{{ $json['http_trigger'].request.headers.Authorization[0] }}"
  }  
}

Common pitfalls

Verifying token without removing Bearer prefix first.
Using wrong algorithm/key pair and getting false invalids.
Ignoring clock skew for exp and nbf claims.

Config and inputs (code-grounded)​

Outputs/branches​

Example usage snippet​

Common pitfalls​

Related links​

Config and inputs (code-grounded)

Outputs/branches

Example usage snippet

Common pitfalls

Related links