Secure Token Generation

🔐 GENERATE_JWT Workflow – Secure Token Generation on User Action

The GENERATE_JWT workflow in the generateRVN API's controls section allows enterprises to trigger JWT (JSON Web Token) generation when a user performs a specific action, such as approving a transaction.

This JWT is included in the response and can be used for downstream validation, authorization, or session continuity.


🔁 When Is GENERATE_JWT Used?

You can configure a specific user action (e.g., "Accept") to trigger JWT creation via:

"action_workflows": {
  "workflows_params": {
    "jwt_expires_in": 600
  },
  "workflows": {
    "Accept": "GENERATE_JWT"
  }
}

The JWT is then included in the getRVNStatus API response and callback payload.


📦 Sample Workflow Configuration

"controls": {
  "action_workflows": {
    "workflows_params": {
      "jwt_expires_in": 600
    },
    "workflows": {
      "Accept": "GENERATE_JWT"
    }
  }
}
  • jwt_expires_in: Optional field (in seconds). Controls the expiry of the generated JWT.
  • workflows: A key-value map of <actionLabel>: "GENERATE_JWT".

🧾 Sample JWT Payload

{
  "aud": "REL-ID Default",
  "sub": "p39",                      // User ID
  "iss": "https://auth.relid.com",   // Issuer
  "iat": 1721727546,                 // Issued At (epoch)
  "exp": 1721727846,                 // Expiry (epoch)
  "jti": "7eaa1d94-708d-4ae8-aa1d-94708deae8f2"  // Unique Token ID
}

You can decode this JWT with standard tools and libraries (e.g., jwt.io or jsonwebtoken). Decoding by itself only reads the claims and does not verify the signature.


✅ When to Use

  • For SSO (Single Sign-On) scenarios, where a JWT is needed after a user action.
  • To provide tamper-evident, signed claims that can be validated by your backend.
  • To link transactional consent to a secure token.

🔐 Security Notes

  • The JWT is signed using REL-ID’s private key and can be validated using the corresponding public key.
  • The token is short-lived by default (jwt_expires_in = 600 seconds).
  • JWT validation is stateless and can be handled without querying REL-ID again.

📤 Where to Access the JWT

  • In the callback payload if callback_url is set.
  • In the response of getRVNStatus once the user takes the configured action.

🧠 Best Practices

  • Store the JWT securely on your server or in your session context.
  • Always verify:
    • Signature
    • exp (expiry time)
    • sub and aud fields
  • Never trust a JWT without validation.
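
The checks listed above, as an added example (not REL-ID's own code), using only Node.js's built-in crypto module. It assumes RS256 signing, which this page does not state, adds an iss check alongside sub and aud, and uses a locally generated key pair with the sample payload's claims as constructed input; verifyJwt, signDemoJwt and demo are hypothetical names.

```javascript
// Added example: validate a GENERATE_JWT token before trusting its claims.
// Assumption: RS256 signing (the page does not name the algorithm).
const nodeCrypto = require("crypto");
const b64url = (x) => Buffer.from(x).toString("base64url");
const decodeSeg = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

function verifyJwt(token, publicKey, { aud, iss, sub, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm; never let the token header select it.
  if (decodeSeg(h).alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(s, "base64url")))
    throw new Error("bad signature");
  // Claims are read only after the signature has been checked.
  const claims = decodeSeg(p);
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  if (claims.aud !== aud) throw new Error("wrong aud");
  if (claims.iss !== iss) throw new Error("wrong iss");
  if (claims.sub !== sub) throw new Error("wrong sub");
  return claims;
}

// Test helper only: signs claims the way an RS256 issuer would.
function signDemoJwt(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${nodeCrypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Constructed input: a local key pair stands in for REL-ID's, claims are the sample payload.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const claims = { aud: "REL-ID Default", sub: "p39", iss: "https://auth.relid.com",
    iat: 1721727546, exp: 1721727846, jti: "7eaa1d94-708d-4ae8-aa1d-94708deae8f2" };
  const token = signDemoJwt(claims, privateKey);
  const expected = { aud: claims.aud, iss: claims.iss, sub: "p39", now: 1721727600 };
  const [h, , s] = token.split(".");
  // Payload swapped to another user while the original signature is kept.
  const forged = `${h}.${b64url(JSON.stringify({ ...claims, sub: "p40" }))}.${s}`;
  const check = (t, e) => { try { verifyJwt(t, publicKey, e); return "ok"; } catch (err) { return err.message; } };
  return {
    valid: check(token, expected),
    expired: check(token, { ...expected, now: claims.exp }),
    forged: check(forged, { ...expected, sub: "p40" }),
    wrongAud: check(token, { ...expected, aud: "other-app" }),
  };
}
console.log(demo());
```

In a real integration the expected sub is the user your backend sent the approval request for, and the expected aud is the value configured for your application.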


The GENERATE_JWT workflow gives you a trusted, verifiable token to link user action with secure downstream logic.