JSON web tokens in Rest API

Hi Cuba Team,

Now cuba is using Oauth2 access token. Is there any way to integrate JSON web tokens.


Hi, can you elaborate a bit more which scenario would you like to implement around JWTs?

Because a JWT is nothing more than a standard envelope to carry some security and identity claims between parties.
Using JWTs alone gives no benefit, but I used them successfully when implementing an OpenID Connect layer on top of OAuth 2.0 (not in CUBA, that doesn’t implement OpenID Connect)



I would like to implement JWTs while using Rest Apis in Cuba platform.
By default cuba is giving the below access token, how do i change it to JWT.
“access_token”: “29bc6b45-83cd-4050-8c7a-2a8a60adf251”,
“token_type”: “bearer”,
“expires_in”: 43198,
“scope”: “rest-api”

Here, the access token should be of JSON web token.

like the below format
“access_token”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyX2lkIl0sInVzZXJfbmFtZSI6InVzZXIiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiZXhwIjoxNDk4MjA3NDc3LCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiMWY2NGRmMDQtZTk1Ni00OWU1LWJiYWMtMjI1MmVjYWU1NTE5IiwiY2xpZW50X2lkIjoidHJ1c3RlZC1hcHAifQ.CZNwij0IzYkPC67u1RcBHDUQL7r6Teb-tS_hqlc4lkE”,
“token_type”: “bearer”,
“refresh_token”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyX2lkIl0sInVzZXJfbmFtZSI6InVzZXIiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXRpIjoiMWY2NGRmMDQtZTk1Ni00OWU1LWJiYWMtMjI1MmVjYWU1NTE5IiwiZXhwIjoxNTAwNzU2Mjc3LCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiMDU3NTEzNTItZDkxNi00NzcyLTliYTktZTFmYmVhNGJkMzhkIiwiY2xpZW50X2lkIjoidHJ1c3RlZC1hcHAifQ.NzuwJyyAbr3Md6_d9M2kmhzgtjD5dSgezT_NOLm0z-E”,
“expires_in”: 43199,
“scope”: “read write”,
“jti”: “1f64df04-e956-49e5-bbac-2252ecae5519”

Please help me here!


Hi @pfurini,

Is there any way to implement JWTs on top of Oauth2 in cuba platform.

Thank You!

If you have some relevant experience with Spring MVC, and a good amount of time, I can say yes…

CUBA REST APIs are plain Spring MVC controllers, and if you clone the source repo you’ll find them under the rest-api module. The relevant classes are under the com.haulmont.restapi.auth package, FYI.
But I can’t tell you the exact amount of effort needed, maybe it’s like “extend some bean here and there, replace another there, and good to go”, or more like “we need to write everything from scratch”…

On the other hand, if you intended to ask Is there any EASY way… well, the answer is no, I fear :wink: