
What are the steps and info on creating & using a JWT token?


How to use JWT is documented in great detail in our Developer Guide. I will refer you to the following resources to learn how JWT works on a variety of different levels.

1. Here is a page from our getting started section which walks you through the process of [creating a JWT credential][1].
2. Once a credential has been created, the JWT Quick Start guide in our Authentication section covers [how to use it within your code][2].
3. Finally, a detailed walk-through of JWT, in case you need to implement the protocol in your own home-grown SDK, can be found here: https://developers.ringcentral.com/guide/authentication/jwt-flow

But there is one other thing that should be mentioned given comments below: please make sure JWT is the best auth method for your application. JWT is designed for server-to-server auth. And while you can use it in other use cases, it was not designed for them, and therefore may have unintended consequences -- like creating the challenge of collecting and managing tons of JWT credentials on behalf of users. If you find yourself in this situation, you are encouraged to look more closely at the authorization code flow.

[1]: https://developers.ringcentral.com/guide/getting-started/create-credential
[2]: https://developers.ringcentral.com/guide/authentication/jwt/quick-start

That's great, but how do we create JWT tokens for all of our users? And our customers' users? Why isn't there an automated way or an API to do this?


@Tom - thank you for your feedback. I understand how things can be frustrating at times, but in the future I kindly ask that you not use profane language. I am the author of much of our documentation, so will do my best to answer your questions.

> For example, this is a direct quote from a documentation page: "The key to groking how RingCentral uses JWTs is in understanding that JWTs are not used directly to call the API."
> WTF is "groking"?

The term "grok" is perhaps an obscure literary reference from Robert A. Heinlein's Stranger in a Strange Land. A great book even if it is a little dated. He coined the term, but hackers began using it long ago. From the [Hacker's Dictionary][1]:

> To understand. Connotes intimate and exhaustive knowledge. When you claim to 'grok' some knowledge or technique, you are asserting that you have not merely learned it in a detached instrumental way but that it has become part of you, part of your identity.

Writing documentation, much less reading it, can sometimes be droll. That is why I at times try to introduce some levity or frivolity in my docs. Just to keep things interesting.

Moving on. Regarding your frustration about creating JWT tokens... your concern has been raised by others as well, and we have tried to adapt our documentation to address what I perceive as a fundamental misunderstanding of what problems JWT is optimized to solve.

I tried to capture that in a [recent article][2] I posted to the community to guide them in migrating away from password auth. The hard part is not the coding - it is selecting the best auth methodology. If a developer encounters the feeling, "OMG, how can I possibly create JWTs for all the users of my app?" then chances are you have selected the wrong auth method. JWT is not designed for authing many different users. It is optimized for apps that need to collect a small and finite number of credentials to operate properly in the background. If you need to have many individual users auth, I strongly recommend you use the authorization code flow, a.k.a. "OAuth."

Thank you for your question. I hope this helps.


[1]: http://www.hackersdictionary.com/html/entry/grok.html
[2]: https://community.ringcentral.com/articles/117059/guidance-on-migrating-from-password-to-alternative.html
