Leilani Documentation Open app
Reference JSON Web Tokens

JSON Web Tokens

json-web-tokens.md

Open your agent in the console and select Functions, then open the JSON Web Tokens tab.

This page documents the JSON Web Tokens tab. Related pages:

What a JSON Web Token does

A JSON Web Token configuration signs a JWT and stores the token in a selected cache.

Use this when a Function needs a bearer token or signed credential that should refresh automatically.

The token lifetime follows the selected cache's TTL.

Before you create one

Create the cache first in the Caches tab.

Use a dedicated cache for each token. Do not reuse the same cache for both:

  • a JWT
  • a Function result

JSON Web Tokens tab

The tab shows a table with these columns:

  • Name
  • Cache
  • Algorithm
  • Key Type
  • Cache TTL

The current UI supports creating and listing JSON Web Tokens from this tab.

Create a JSON Web Token

Select Create to open the JSON Web Token modal.

Name

Use a short, descriptive name.

Examples:

  • acme_api_jwt
  • crm_service_jwt

Cache

Select the cache where the signed token should be stored.

The cache TTL controls how long the token is valid before it is refreshed.

Algorithm

Supported algorithms:

  • HS256
  • HS384
  • HS512
  • ES256
  • ES384
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512
  • EdDSA

Choose the algorithm required by the target service.

Encoding Key Type

Supported key types:

  • EcDer
  • EdDer
  • RsaDer
  • Secret
  • Base64Secret
  • EcPem
  • EdPem
  • RsaPem
  • UrlSafeBase64Secret

Use the key type that matches the key material provided by the external system.

Encoding Key

Enter the signing key in the format required by the selected key type.

Guidance:

  • for DER key types, enter base64-encoded DER bytes
  • for PEM and secret-based key types, enter the key as plain text

Claims

Use the Claims table to add base claims as name and value pairs.

Examples:

  • iss
  • aud
  • sub
  • scope

Important behavior:

  • the current UI accepts claim values as strings
  • Leilani adds iat and exp automatically

Refresh behavior

Leilani refreshes tokens automatically.

Operationally, this means:

  • you select the cache and its TTL
  • Leilani keeps the cache populated with a current signed token
  • Functions can use that cached token during calls

Using a JWT with a Function

Recommended pattern:

  1. Create a dedicated cache for the token.
  2. Create the JSON Web Token and point it at that cache.
  3. Create a Function that needs the token.
  4. In the Function instructions, make it clear which cached token should be used.
  5. Reference the collected token field in the Function headers or request body.

Common example:

  • Cache: Acme Service JWT
  • Function field in Parameters: auth_token
  • Header value: Bearer {/auth_token}

If the Function response should also be cached, use a second cache for the Function result.

Operator guidance

  • Use clear names for both the JWT and its cache.
  • Match the cache TTL to the token lifetime expected by the target service.
  • Keep claims minimal and service-specific.
  • Store one token per cache.

Limitations and notes

  • The current UI supports creating and listing JSON Web Tokens.
  • The current UI accepts claim values as strings.