Working with JSON Web Tokens (JWTs)
HS256
(shared secret)
and RS256
(public/private key).
In order to enable creation of valid JWTs WireMock Cloud provides a pair of template helpers
specifically for this purpose: jwt
and jwks
.
Both HS256
and RS256
signed tokens are supported.
If you’d like to see these features in action, take a look at the OAuth2 mock
hosted by WireMock Cloud, which is also available to use as an template when creating your own mock API.
HS256
(shared secret).
maxAge
parameter e.g.
nbf
(not before) date:
alg
parameter, the token can be signed using the public/private key
algorithm:
RS256
(public/private key) signing, it is common for clients to fetch
the public key for verification via a JSON Web Key Set (JWKS) endpoint. You serve
a JWKS from your mock API simply by adding a stub containing the following response
body (with templating enabled):