Overview
Generate and validate JSON web tokens for use in integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation. The create token functions support encrypted private keys in either the PKCS#1 or PCKS#8 standard.
Key Features & Functionality
I am trying to decode a token and I am receiving a null response. I am using the function decodeJWT() and in the parameter "jwksURL" I am using the same domain ( "">example.com/.../jwks.json" ) as when creating the token with the function "createtokenwithcustomclaims()".
I created the private key with format PKCS#1 and I put the token on jwt.io and nothing is wrong with it.
Any suggestions on what could be wrong?
Am creating the token and using it in integration object as mentioned in the snapshot, getting {"errorCode":"AUTHORIZATION_INVALID_TOKEN","message":"The access token provided is expired, revoked or malformed."}.
Please suggest how to fix the issue.
Hi Paolo,
The problem seems to be the format of the private key. The plugin expects the private key in PKCS#1RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY) format and you are setting it in PKCS#8PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)Please double check but I think you might be able to convert from PKCS#8 to PKCS#1: openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem
Thanks, Leandro.
It works now! Thanks a lot for your help Will Ruck.
Close! Below is what my setting looks like. You only want to have the Private Key in that field, not the public and private.
Will Ruck Ah okay, I have added JWT. My key in the credentials is named appianprivatekey with both the public and private keys pasted as the values. Is this the correct way to do it? Because currently I'm getting "Appian JWTTools failed to generate JWT Token". Thanks!
You need to 'allow' the plugin to gain access to the secure credential store values. In the Admin Console, go to Integrations > Third-Party Credentials > open your secure credential you have the RSA key stored in. Under 'plugins', search for 'JWT', add it, and click save. That should do the trick.
Will Ruck Thanks. I wanted to know where we would actually enter the RSA Keypairs in this function? My code is exactly like your example. However, I receive the following:
Expression evaluation error at function fn!createdocusignrsajwttoken: This plug-in [jwtTools] is not registered to access secured values for the given external system key [docusign]. Check the external systems plug-ins list in the Administration Console.