In this step, you must create a JWT which identifies your application.
To create the JWT (JSON Web Token), specify the parameters that are required for your application in the JWT header and payload.
The JWT must be signed using your signing certificate. Ensure that the header and payload parameters meet the following format.

JWT header | Type | Description | Required |
---|---|---|---|
kid | string | The key ID corresponding to your signing certificate. | Yes |
alg | string | The algorithm used to sign your JWT. Currently, only PS256 is supported. | Yes |

```json
{
  "kid": "<kid>",
  "alg": "PS256"
}
```

JWT payload | Type | Description | Required |
---|---|---|---|
iss | string | The principal that issued the JWT. | Yes |
iat | numeric | The time the JWT was issued, which is used to determine the age of the JWT. Provided in seconds in Unix timestamp format. | Yes |
exp | numeric | The expiration time starting from which the JWT must not be accepted for processing. Provided in seconds in Unix timestamp format. | Yes |
aud | string | The recipients for whom the JWT is intended. It must match the following regex: `^[0-9a-zA-Z]{1,18}$`. We recommend using just `revolut`. | Yes |
scope | string | The list of granted scopes. The supported scopes are `openid` (required), `accounts`, `payments`, `fundsconfirmations`. | Yes |
redirect_uris | string | The list of allowed redirect URIs. | Yes |
token_endpoint_auth_method | string | The authorization method for the token endpoint. Currently, only tls_client_auth is supported. | Yes |
application_type | string | The application type. | Yes |
id_token_signed_response_alg | string | The signing algorithm used to sign the id_token JWTs. Currently, only PS256 is supported. | Yes |
request_object_signing_alg | string | The signing algorithm used to sign request objects. Currently, only PS256 is supported. | Yes |
tls_client_auth_dn | string | The distinguished name (DN) of the transport certificate obtained in step 3: Get your certificate's distinguished name. | Yes |
software_statement | string | The software statement assertion (SSA) obtained in step 2: Get the software statement. | Yes |

```json
{
  "iss": "test-iss",
  "iat": 1591352490,
  "exp": 1591356090,
  "aud": "revolut",
  "scope": ["openid", "payments", "accounts", "fundsconfirmations"],
  "redirect_uris": ["https://example.com/my_callback_url"],
  "token_endpoint_auth_method": "tls_client_auth",
  "application_type": "web",
  "id_token_signed_response_alg": "PS256",
  "request_object_signing_alg": "PS256",
  "tls_client_auth_dn": "<insert tls_client_auth_dn>",
  "software_statement": "<insert software_statement>"
}
```
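
One way to produce and check the PS256 signature this step requires, using only Go's standard library. This is an added example, not Revolut's code: `SignPS256`, `VerifyPS256`, `demoKey` and the `example-kid` value are hypothetical names, the claims are abbreviated, and the throwaway key stands in for the private key of your signing certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWTs use unpadded base64url
var pss = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // assumption: throwaway demo key

// SignPS256 returns header.payload.signature, signed with RSASSA-PSS over SHA-256
// with a 32-byte salt, which is what the "PS256" alg value denotes.
func SignPS256(key *rsa.PrivateKey, kid string, claims map[string]any) (string, error) {
	h, _ := json.Marshal(map[string]string{"kid": kid, "alg": "PS256"})
	p, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, sum[:], pss)
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyPS256 checks the signature and rejects any header alg other than PS256.
func VerifyPS256(pub *rsa.PublicKey, token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("want 3 segments, got %d", len(parts))
	}
	var hdr struct{ Alg string }
	raw, _ := b64.DecodeString(parts[0]) // a bad header fails the JSON check below
	if json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "PS256" {
		return fmt.Errorf("header alg is not PS256")
	}
	sig, _ := b64.DecodeString(parts[2]) // a bad signature fails VerifyPSS
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPSS(pub, crypto.SHA256, sum[:], sig, pss)
}

func main() {
	tok, err := SignPS256(demoKey, "example-kid", map[string]any{"iss": "test-iss", "aud": "revolut"})
	fmt.Println(tok, err, VerifyPS256(&demoKey.PublicKey, tok))
}
```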