Webhook Relay
PricingLogin
  • Introduction
  • Quick Start - Forwarding
  • Quick Start - Tunnels
  • 🛠️Installation
    • Relay CLI
      • Install
      • Auto-start
      • Run config.yaml reference
    • Containerized
      • Kubernetes Installation
      • Podman
      • Docker
      • Docker Compose
  • Products
    • 🛰️Webhook Forwarding
      • Glossary
      • WebSocket Server
      • Authentication
      • Custom Domains
    • ⚡Functions
      • Managing functions
      • Edit request/response
      • Working with JSON
      • 🦾Advanced
        • Working with time
        • Testing functions in CLI
        • Making HTTP Requests
        • Multipart Form Data
        • URLEncoded Form Data
        • GCP BigQuery
        • Sending Emails
        • JWT authentication
        • Base64, Hashes, Encryption
      • 🤖Integrating into CI/CD
    • 🔃Tunnels
      • Using tunnels
      • Custom Domains
      • Encryption (HTTPS)
      • Regions
  • 📝Examples
    • Intro to examples
    • Webhooks
      • Receiving webhooks on localhost
      • Receive webhooks inside your JavaScript app
      • Execute shell scripts on remote machines
    • Functions
      • Enrich webhooks from 3rd party APIs
      • Convert DockerHub webhook to Slack notification
      • Allowing only POST requests through
      • Manipulate webhook request body
    • Tunnels
      • Ingress for any Kubernetes environment
      • Demoing your website
    • 🏠Home Automation
      • Home Assistant
      • Node-RED
      • Raspberry Pi
  • Platform
    • CLI Basics
    • Using CLI Behind Proxy
    • Self-hosting Server
      • Server deployment
      • Client configuration
    • Security & Tech
Powered by GitBook
On this page
  • What are JWT tokens
  • Setting up signing secret
  • Authenticating HTTP requests
  • Testing authentication
  • Custom JWT validation
  • Supported algorithms

Was this helpful?

  1. Products
  2. Functions
  3. Advanced

JWT authentication

a helper JWT package is available to validate and authenticate webhooks

PreviousSending EmailsNextBase64, Hashes, Encryption

Last updated 3 years ago

Was this helpful?

What are JWT tokens

From :

JSON Web Token (JWT) is an open standard () that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

In short, JWT tokens allow you to easily authenticate incoming HTTP (or any other data) requests.

Setting up signing secret

Both RSA and HMAC signature verification algorithms will need to have a key based on which to validate the tokens.

Avoid specifying them directly in your function, create a config variable:

If you are using RSA public key, first encode it using base64.

Authenticating HTTP requests

    Authorization: Bearer <token>

Webhook Relay's jwt package knows where to find it, so you only need to supply the signing key:

jwt = require('jwt') -- Importing jwt helper package

local err = jwt.authenticate(cfg:GetValue("jwt-signing-key")) -- Your secret
if err then error(err) end

r:SetRequestBody("authenticated")

Testing authentication

You can use https://jwt.io to create a valid JWT token with the same secret that you have added to the config variables. Add the token as a header, click on the "+" sign and then click on the "send" button:

If you change the secret either in the config variables or on the jwt generator, you should see an error:

Once an error happens, webhook will not be forwarded further.

Custom JWT validation

If your token is not set in the Authorization header, you can use a different function:

jwt = require('jwt')

local err = jwt.validate("your-jwt-token-value-here", cfg:GetValue("jwt-signing-key"))
if err then error(err) end

r:SetRequestBody("authenticated")

Supported algorithms

Webhook Relay's JWT package supports:

  • HS - HMAC using SHA256/SHA384/SHA512

  • RS - RSASSA-PKCS-v1.5 using SHA-256/SHA-384/SHA-512

  • ECDSA using P-256 and SHA-256

  • ECDSA using P-384 and SHA-384

  • ECDSA using P-521 and SHA-512

  • RSASSA-PSS using SHA256 and MGF1-SHA256

  • RSASSA-PSS using SHA384 and MGF1-SHA384

  • RSASSA-PSS using SHA512 and MGF1-SHA512

Most applications use a standard format when sending HTTP requests. This involves setting an Authorization header:

⚡
🦾
bearer token
jwt.io
RFC 7519
specifying jwt signing secret in the config variables
JWT authentication testing
Failed authentication on webhook