The idea is:
It should be possible to use JWT credentials directly in the HTTP node.
My use case:
Securely accessing JWT-protected APIs without leaking the JWT token into the workflow execution history. In particular, this is useful for impersonating user access for internal APIs, as well as Google Cloud APIs using domain-wide delegation service account.
I think it would be beneficial to add this because:
JWT is a common authentication mechanism for APIs, and APIs are often accessed via the HTTP node. At the moment JWT creds can only be used by JWT nodes and webhooks.
This encourages a workflow design where JWTs are generated in the JWT node and then passed to the HTTP node, revealing the token to the workflow execution history and any other node from the same workflow. It is simply not possible to use the JWT credentials to generate a token and use it for the HTTP request in one go, without running intermediate nodes.
While you could argue that the workflow execution history could be turned off, or even that JWTs are typically short-living and the risk is low, there is still a risk of leaking the token if not being paranoid-level careful, and there is simply no other workaround.
Any resources to support this?
–
Are you willing to work on this?
Yes, I’d love to contribute, as long as there is some help from the n8n team to:
- Sort out the UX, because there could be many ways to specify how the JWT should be used on the request
- Find ways to reuse existing JWT-related code without reinventing the wheel.