Terence Yuen (TerenceY0215)
Bank of Nova Scotia

Bank of Nova Scotia
TerenceY0215 Member since 2016 34 posts
Bank of Nova Scotia
Posted: July 23, 2019
Last activity: October 31, 2019
Posted: 23 Jul 2019 13:59 EDT
Last activity: 31 Oct 2019 21:04 EDT

Ability to control how pxGenerateJWT put in the header

According to Pega Help:

alg – The used JWS algorithm, which is in the Security section, on the Generation tab.
cty – The content type is populated by default as application/json.
typ – The type is always JWT.
kid – The Key ID is a unique ID generated by the JWT runtime for each token generated.
crit – Headers that are marked as critical on the Generation tab.

Kid is generated every time using pxGenerateJWT. In the example that we have, this is the Header that got generated:

"kid": "4a08b9920940f25110d0b49bf937e855",
"cty": "application/json",
"typ": "JWT",
"alg": "RS256"

We need to create a JWT to send to a service in order to obtain a token that will be used in calling other services. According to the service provider, their definition of kid is as follows:

  • KID is the public key thumbprint. It is generated by the toolkit(nimbus) we use to generate/validate assertions.

The service provider also considers the KID header parameter optional. We have tested with a hand crafted JWT created using, and have confirmed that the KID header parameter made a difference. And the service provider accepts the JWT without KID in the header.

We would like to find out the steps to achieve at least one of the following:

1) Generate KID based on the public key thumb print

2) Allow the developer to decide how KID is generated

2) Suppress the generation of KID altogether

***Edited by Moderator Marissa to update SR Details***

Data Integration Support Case Exists
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.