{"info":{"_postman_id":"f87288e7-4066-430b-b400-1c1a2a83d740","name":"Generate JWT","description":"<html><head></head><body><p>This collection shows how <a href=\"https://www.getpostman.com/docs/v6/postman/scripts/pre_request_scripts\">pre-request scripts</a> in Postman can be used to generate <a href=\"https://en.wikipedia.org/wiki/JSON_Web_Token\">JSON Web Tokens</a> (JWT). This is useful for APIs that need their clients to create JWTs and send them as part of requests.</p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"4630964","collectionId":"f87288e7-4066-430b-b400-1c1a2a83d740","publishedId":"S1Lr3qtg","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"publishDate":"2019-04-30T08:03:07.000Z"},"item":[{"name":"JWT signed with base64 encoding","event":[{"listen":"prerequest","script":{"id":"1bbad800-0f35-4ab3-a5fb-de3bf73109a1","exec":["// JWT generation script adapted from","// https://gist.github.com/corbanb/db03150abbe899285d6a86cc480f674d","","var jwtSecret = pm.environment.get('jwt_secret') || ''","","// Set headers for JWT","var header = {","\t'typ': 'JWT',","\t'alg': 'HS256'","};","","// Prepare timestamp in seconds","var currentTimestamp = Math.floor(Date.now() / 1000)","","var data = {","\t'iss': pm.environment.get('jwt_iss') || '',","\t'ist': pm.environment.get('jwt_ist') || '',","\t'iat': currentTimestamp,","\t'exp': currentTimestamp + 30, // expiry time is 30 seconds from time of creation","\t'jti': 'jwt_nonce'","}","","","function base64url(source) {","    // Encode in classical base64","    encodedSource = CryptoJS.enc.Base64.stringify(source)","    ","    // Remove padding equal characters","    encodedSource = encodedSource.replace(/=+$/, '')","    ","    // Replace characters according to base64url specifications","    encodedSource = encodedSource.replace(/\\+/g, '-')","    encodedSource = encodedSource.replace(/\\//g, '_')","    
","    return encodedSource","}","","// encode header","var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header))","var encodedHeader = base64url(stringifiedHeader)","","// encode data","var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data))","var encodedData = base64url(stringifiedData)","","// build token","var token = `${encodedHeader}.${encodedData}`","","// sign token","var signature = CryptoJS.HmacSHA256(token, jwtSecret)","signature = base64url(signature)","var signedToken = `${token}.${signature}`","","pm.environment.set('jwt_signed', signedToken)","console.log('Signed and encoded JWT', signedToken)"],"type":"text/javascript"}}],"id":"df7c0fff-babc-420d-ad45-e9e731d5c50f","request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt_signed}}"}]},"isInherited":false},"method":"POST","header":[],"url":"https://postman-echo.com/post","description":"<p>This request creates a signed JWT using the <code>jwt_secret</code> variable and encodes the JWT data as base64. 
It then sets the signed and encoded JWT as <code>Bearer</code> token in the <code>Authorization</code> header.</p>\n","urlObject":{"protocol":"https","path":["post"],"host":["postman-echo","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"df7c0fff-babc-420d-ad45-e9e731d5c50f"},{"name":"JWT signed without base64 encoding","event":[{"listen":"prerequest","script":{"id":"5727ee08-34e7-471a-80eb-f9843b25d663","exec":["// JWT generation script adapted from","// https://gist.github.com/corbanb/db03150abbe899285d6a86cc480f674d","","var jwtSecret = pm.environment.get('jwt_secret') || ''","","// Set headers for JWT","var header = {","\t'typ': 'JWT',","\t'alg': 'HS256'","};","","// Prepare timestamp in seconds","var currentTimestamp = Math.floor(Date.now() / 1000)","","var data = {","\t'iss': pm.environment.get('jwt_iss') || '',","\t'ist': pm.environment.get('jwt_ist') || '',","\t'iat': currentTimestamp,","\t'exp': currentTimestamp + 30, // expiry time is 30 seconds from time of creation","\t'jti': 'jwt_nonce'","}","","// encode header","var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header))","","// encode data","var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data))","","// build token","var token = `${stringifiedHeader}.${stringifiedData}`","","// sign token","var signature = CryptoJS.HmacSHA256(token, jwtSecret)","var signedToken = `${token}.${signature}`","","pm.environment.set('jwt_signed', signedToken)","console.log('Signed and non-encoded JWT', signedToken)"],"type":"text/javascript"}}],"id":"15a3c8ec-e668-43b5-a051-d0e2af9852b2","request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt_signed}}"}]},"isInherited":false},"method":"POST","header":[],"url":"https://postman-echo.com/post","description":"<p>This request creates a signed JWT using the <code>jwt_secret</code> variable. 
It then sets the signed JWT as the <code>Bearer</code> token in the <code>Authorization</code> header.</p>\n<p>This request <em>does not</em> encode the JWT header, payload and signature as base64url strings, so the resulting token is not a standard compact-serialization JWT (RFC 7519), and a conforming JWT verifier is expected to reject it.</p>\n","urlObject":{"protocol":"https","path":["post"],"host":["postman-echo","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"15a3c8ec-e668-43b5-a051-d0e2af9852b2"},{"name":"Using JWT helper","id":"9ba55dff-8aa0-4df1-9dc4-7f64e7b0c2ee","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"jwt","jwt":{"basicConfig":[{"key":"payload","value":"<payload>"},{"key":"headerPrefix","value":"<header-prefix>"},{"key":"secret","value":"{{jwt_secret}}"},{"key":"isSecretBase64Encoded","value":"<is-secret-base64encoded>"},{"key":"algorithm","value":"<algorithm>"},{"key":"addTokenTo","value":"<add-token-to>"},{"key":"queryParamKey","value":"<query-param-key>"},{"key":"header","value":"<header>"}]},"isInherited":false},"method":"POST","header":[],"url":"https://postman-echo.com/post","urlObject":{"protocol":"https","path":["post"],"host":["postman-echo","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"9ba55dff-8aa0-4df1-9dc4-7f64e7b0c2ee"}],"event":[{"listen":"prerequest","script":{"id":"6d6a0a97-a696-4588-b420-d2c153dd6b8b","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"952ed680-f2bd-4661-8606-8129713ab24e","type":"text/javascript","exec":[""]}}]}