4D NetKit: Decoding, Generating, and Validating JWT



Product

JSON Web Tokens (JWT) have become a key standard for secure authentication and information exchange between systems. With JWT, you can transmit data in a secure, verifiable, and standardized way, reducing complexity while improving security. In particular, JWTs are essential when working with OpenID Connect, where they allow you to validate and decode the information returned by the OpenID provider.

Within the 4D 21, 4D NetKit provides a simple API to handle these tokens: decoding, generation, and validation.

When Does Your Application Receive a JWT?

A JWT is usually received during authentication or authorization processes. Examples include:

  • After a user logs in through an OpenID Connect provider.

  • When an external API returns a token to grant access to its resources.

  • In inter-service communication, when one server issues a JWT for another service to verify identity or permissions.

In all these scenarios, your application must decode and validate the token before using it.

Decoding and Validating a JWT

When your application receives a JWT, two steps are usually required:

  1. Decoding the token to inspect its content (claims).
  2. Validating it to ensure it has not been altered and that it truly comes from a trusted source.

 

var $JWT:=cs.NetKit.JWT.new()

// Decode the JWT token: this method extracts the token’s contents
// (such as header, payload, and signature) without necessarily verifying its validity
var $result := $JWT.decode($token)

// Validate the token: this step checks that the token is correctly signed with the provided key 
var $isValid:= $JWT.validate($token; $key)

Generating a JWT

In addition to decoding and validating, you may need to generate your own JWTs. For example, when building a system that issues tokens to clients, or when creating a token to authenticate with an external API.

// Define the JWT claims object, starting with the header
var $claims:={header: {alg: "HS256"; typ: "JWT"}}
// Define the payload (the data carried by the token)
$claims.payload:={sub: "123456789"; name: "John"; exp : 50}

// Generate the JWT token using the claims and a private key
// The resulting token ($token) will be a signed string that can be sent securely
var $token := cs.NetKit.JWT.new().generate($claims; $privateKey)

This produces a signed token ready to secure your exchanges.

Conclusion

The NetKit.JWT class provides 4D 21 with a simple API for decoding, validating, and generating tokens. It helps developers implement secure authentication flows, integrate with OpenID providers, and create modern, standards-based applications.

Discuss

Tags ,

Fabrice Mainguené
• Product Owner •Fabrice Mainguené joined 4D Program team in November, 2016. As a Product Owner, he is in charge of writing the user stories then translating it to functional specifications. His role is also to make sure that the feature implementation delivered is meeting the customer need.After obtaining a Bachelor degree in Computer Science at CNAM, Fabrice joined a small software publishing company as a Windev developer. Then he worked for different companies in industry and trade areas as a Windev and web developer as well as technical advisor on new features.