HS256
(shared secret)
and RS256
(public/private key).
In order to enable creation of valid JWTs WireMock Cloud provides a pair of template helpers
specifically for this purpose: jwt
and jwks
.
Both HS256
and RS256
signed tokens are supported.
If you’d like to see these features in action, take a look at the OAuth2 mock
hosted by WireMock Cloud, which is also available to use as an template when creating your own mock API.
Generating a token
You can generate a token in a stub response by enabling templating and simply adding the following to the respobse body:HS256
(shared secret).
Expiry date
You can customise expiry term either by setting themaxAge
parameter e.g.
nbf
(not before) date:
Standard claims
Standard claims can be set as follows. Issuer:Custom claims
You can also set any custom claim you wish via named parameters e.g.Signing with RS256
By setting thealg
parameter, the token can be signed using the public/private key
algorithm:
Retrieving keys
For clients to be able to validate JWTs, they need to be able to retrieve either the shared secret or the public key, depending on the signing algorithm.Getting all keys for your mock API
The keys used to sign tokens for a particular mock API can be retrieved via the settings admin API resource. To fetch these via curl, you can do the following:The JSON Web Key Set (JWKS)
When usingRS256
(public/private key) signing, it is common for clients to fetch
the public key for verification via a JSON Web Key Set (JWKS) endpoint. You serve
a JWKS from your mock API simply by adding a stub containing the following response
body (with templating enabled):