Skip to main content

How to provide an Authorization Token in Java (JWT)

The Temporal Server expects an authorization gRPC header with an authorization token to be passed with API calls if requests authorization is configured.

Authorization Tokens may be provided to the Temporal Java SDK by implementing a io.temporal.authorization.AuthorizationTokenSupplier interface. The implementation should be used to create io.temporal.authorization.AuthorizationGrpcMetadataProvider that may be configured on ServiceStub gRPC interceptors list.

The implementation is called for each SDK gRPC request and may supply dynamic tokens.


One of the token types that may be passed this way are JWT tokens. Temporal Server provides a default implementation of JWT authentication.


  AuthorizationTokenSupplier tokenSupplier =
//your implementation of token supplier
() -> "Bearer <Base64 url-encoded value of the token for default JWT ClaimMapper>";
WorkflowServiceStubsOptions serviceStubOptions =
//other service stub options
.addGrpcMetadataProvider(new AuthorizationGrpcMetadataProvider(tokenSupplier))
WorkflowServiceStubs service = WorkflowServiceStubs.newServiceStubs(serviceStubOptions);
WorkflowClient client = WorkflowClient.newInstance(service);