4D NetKit: Decoding, Generating, and Validating JWT
October 17, 2025
2 min read
JSON Web Tokens (JWT) have become a key standard for secure authentication and information exchange between systems. With JWT, you can transmit data in a secure, verifiable, and standardized way, reducing complexity while improving security. In particular, JWTs are essential when working with OpenID Connect, where they allow you to validate and decode the information returned by the OpenID provider.
Within the 4D 21, 4D NetKit provides a simple API to handle these tokens: decoding, generation, and validation.
When Does Your Application Receive a JWT?
A JWT is usually received during authentication or authorization processes. Examples include:
-
After a user logs in through an OpenID Connect provider.
-
When an external API returns a token to grant access to its resources.
-
In inter-service communication, when one server issues a JWT for another service to verify identity or permissions.
In all these scenarios, your application must decode and validate the token before using it.
Decoding and Validating a JWT
When your application receives a JWT, two steps are usually required:
- Decoding the token to inspect its content (claims).
- Validating it to ensure it has not been altered and that it truly comes from a trusted source.
var $JWT:=cs.NetKit.JWT.new()
// Decode the JWT token: this method extracts the token’s contents
// (such as header, payload, and signature) without necessarily verifying its validity
var $result := $JWT.decode($token)
// Validate the token: this step checks that the token is correctly signed with the provided key
var $isValid:= $JWT.validate($token; $key)Generating a JWT
In addition to decoding and validating, you may need to generate your own JWTs. For example, when building a system that issues tokens to clients, or when creating a token to authenticate with an external API.
// Define the JWT claims object, starting with the header
var $claims:={header: {alg: "HS256"; typ: "JWT"}}
// Define the payload (the data carried by the token)
$claims.payload:={sub: "123456789"; name: "John"; exp : 50}
// Generate the JWT token using the claims and a private key
// The resulting token ($token) will be a signed string that can be sent securely
var $token := cs.NetKit.JWT.new().generate($claims; $privateKey)This produces a signed token ready to secure your exchanges.
Conclusion
The NetKit.JWT class provides 4D 21 with a simple API for decoding, validating, and generating tokens. It helps developers implement secure authentication flows, integrate with OpenID providers, and create modern, standards-based applications.
Comments are not currently available for this post.