JWT Functions

Hey, for some reason I am unable to set reserved keys in the payload, and then when using TokenOptions for jwtverify options it still does not seem to add them:

eyJhbGciOiJIUzI1NiJ9.eyJwYXkiOiJsb2FkIiwiaWF0IjoxNjQ3OTQwNjg1fQ.-deGIDlA2fC3NnBbl3yqLI_ODHgel8QzTfXzpc7aiQg

Any ideas why this is not working?

• Security Updates

Hi John.

Thanks a lot, I added the private key and it is working.

Thanks !!

Hi Jonathan,

The problem is you have an invalid key. If you will be generating your own key, you can use tools such as openssl or similar.

You may check this https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9.

Your private key should look something like this:

What you'd want to do then is to get the whole key, remove the newline characters, and save that in your SCS.

Then you can use the key in your expression.

Note: you don't need to put IAT in your payload, this is automatically added.

I'm not sure what your use-case is, if you really need to use RS256 (asymmetric), but a simpler way is using HS256 (symmetric). You just need to generate a random string  as your secret (you may use jwtgeneratesecretkey) and store in your SCS.

Thanks

Hi John,

This is the expression.

Related with private key, I don't know how to create it exactly, I was  trying to fix the shown errors and at the end I only created third party credentials in admin console as follows.

Should I do something else ?

Thanks !!

Hi Jonathan,

Can you share the expression you're using? Also, how did you generate the private key?

Thanks

Hi John, 

Should I configure something in our environment in order to use this plug-in ? 

I already created third party credentials in admin console and I'm using  that key in "secretOrScsKey" parameter, but it is retrieving the following error.

 I'm trying to use  RS256

Thanks in advance.

• Fixed key ID not being set
• Added new field in TokenOptions: scsKeyId (boolean) - When set to true, "kid" will automatically be set to the SCS key and field used to sign the token
• Added new field in DecodeOptions: scsKeyId (boolean) - When set to true, will automatically use "kid" as SCS key and field to verify the token

Hi sid,

I just submitted a new version, you should expect this in a few days.

Not sure if it helps, but I also added new parameters to TokenOption and DecodeOptions: scsKeyId.

This should automatically add the scs key and field as your  "kid" when signing, and use the "kid" to get the scs key and field when verifying.

Hi John,

Thanks for your response. Just wanted to check if you get a chance to get the plugin updated as per the request above?

Thanks,

Siddharth