I have checked the following:
This feature
Describe the feature you want to add, and how it would change your usage of Bruno
Problem
Today, to call an API that requires an HMAC-signed JWT, every request needs a pre-request script like:
const jwt = require('jsonwebtoken');
const token = jwt.sign(
{ iss: bru.getEnvVar('ISS'), aud: 'configurations', exp: Math.floor(Date.now()/1000) + 3600 },
bru.getEnvVar('SECRET'),
{ algorithm: 'HS256' }
);
req.setHeader('Authorization', 'Bearer ' + token);
This has to be copy-pasted to every request, is not discoverable from the UI, doesn't version cleanly in .bru, and breaks if a teammate forgets to add it.
Postman has a native "JWT Bearer" auth type that handles all of this — Bruno doesn't yet.
Proposed feature
A new auth mode JWT Bearer, alongside the existing Bearer Token, that:
Lets the user pick Algorithm (HS256 / HS384 / HS512)
Takes a Secret (sensitive, supports {{vars}})
Takes the JWT payload claims as a key/value/type table where each row has:
Key (supports {{vars}})
Value (supports {{vars}})
Type: String | Number | Boolean | JSON — so iat/exp can be numeric, id3-style claims can be nested objects, etc.
A "View as JSON" toggle for inspection
Signs the JWT at runtime (after variable interpolation) and sets Authorization: Bearer <token>
Why
Removes ~10 lines of script per request
Discoverable from the same dropdown as Bearer / Basic / OAuth
Versionable: the auth lives in the .bru file
Works the same in the Electron app and in bru run (CLI)
### Mockups or Images of the feature
_No response_
I have checked the following:
This feature
Describe the feature you want to add, and how it would change your usage of Bruno
Problem
Today, to call an API that requires an HMAC-signed JWT, every request needs a pre-request script like: