Generate JWT

generate_jwt

Best Practices

  • Avoid generating JWTs with unlimited or very long expiry.

  • Create short-lived JWTs that are valid only for a few minutes using exp claim in the payload.

  • Add a nbf claim for scheduled meetings so that the host cannot create a meeting before meeting start time.

  • Limit one JWT to a single room by setting room to the meeting roomName instead of "*".

  • Keep your api key safe and secret.

 

Use the following code snippets to generate JWTs. Find and replace all instances of cm-consumer-id with your Clan Meeting consumer ID. Copy the cm-api-key.pem file shared with you and add relative file path if required.

 

Node.js

Refer: https://github.com/auth0/node-jsonwebtoken

 

 

PHP

Refer: https://github.com/firebase/php-jwt

Use composer to manage your dependencies and download PHP-JWT:

Optionally, install the paragonie/sodium_compat package from composer if your php is < 7.2 or does not have libsodium installed:

 

 

Python

Refer: https://pyjwt.readthedocs.io/en/stable/usage.html#encoding-decoding-tokens-with-rs256-rsa

 

 

 

Ruby

Refer: https://github.com/jwt/ruby-jwt

Rubygems:

Bundler:

Add the following to your Gemfile

And run bundle install

 

 

Java

https://github.com/auth0/java-jwt

OR

https://github.com/jwtk/jjwt

 

Others

RS256 algorithm should be supported by the library used to generate JWT.

https://jwt.io/#libraries-io