JWTCreateAssertion (Function)
In French: JWTCréeAssertion
Creates a JWT assertion. An assertion is a JSON Web Token (JWT) with a specific structure: three parts separated by periods (.).
- Header: contains metadata such as the type of token (JWT) and the signature algorithm used (e.g., HS256 or RS256). JSON example:
  { "alg": "HS256", "typ": "JWT" }
- Payload: contains the claims, i.e. the information to be sent. It can be:
  - Standard claims (e.g., "iss" for issuer, "exp" for expiry date).
  - Custom claims, depending on your needs.
  JSON example:
  { "sub": "1234567890", "name": "John Doe", "admin": true, "iat": 1516239022 }
- Signature: guarantees the integrity of the token. It is calculated from the header and payload using a secret key (for HMAC) or a private/public key pair (for RSA or ECDSA).
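The three-part structure described above can be reproduced with a few standard-library calls. The following is an added example in Python, not WLanguage and not the implementation of JWTCreateAssertion; it shows the HS256 (HMAC) case only, and all function names and the secret are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    # Each JWT part is base64url-encoded without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    # The signature covers the encoded header and payload joined by a period.
    signing_input = encode_part(header) + "." + encode_part(payload)
    return signing_input + "." + b64url(mac(secret, signing_input))

def verify_hs256(token: str, secret: bytes) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three parts")
    head_b64, body_b64, sig_b64 = parts
    # Pin the algorithm instead of trusting whatever the header announces.
    if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed and received signatures.
    if not hmac.compare_digest(mac(secret, f"{head_b64}.{body_b64}"), b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))

def with_payload(token: str, payload: dict) -> str:
    # Replace the payload but keep the old signature, to show it no longer verifies.
    head_b64, _, sig_b64 = token.split(".")
    return f"{head_b64}.{encode_part(payload)}.{sig_b64}"

# Constructed sample values; header and payload match the JSON examples above.
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "John Doe", "admin": True, "iat": 1516239022}
SECRET = b"constructed-demo-secret"
TOKEN = sign_hs256(HEADER, PAYLOAD, SECRET)
```

Because the signature is computed over both encoded parts, changing a single claim without the key makes verify_hs256 reject the token.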
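// Example: client authentication with a JWT assertion on the Microsoft token endpoint (client_credentials grant)
tenant_id is string = "xxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxx"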
client_id is string = "xxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxx"
token_url is string = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/v2.0/token"
header is JSON
header.alg = "RS256"
header.x5t = "0mjTHGD4wwEmkgfd45RHgqgfsas="
header.typ = "JWT"
payload is JSON
payload.iss = client_id
payload.sub = client_id
payload.aud = token_url
date_now is DateTime
payload.iat = DateTimeToEpoch(date_now)
date_now..Time += 2
payload.exp = DateTimeToEpoch(date_now)
private_key is string = [
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLqXc2nE0iTK++
puV2N+H2DoXLjwi36y84LRdLFbfT7BIybOBehIhfGRNY3NsdCShw2VhGGHn1sWl5
2+w6Y2VCZqbMG0XfowdVq1TExyuIeEcRhieiG4EMjP6+yIvwf7rIkmjmflisHBks
iXNeBx1CwvfpafU3ssMAaQ+F1z8LhN1w5REAx8+nALMFOoGHK83edutxesqggpyk
bmcKM8R18ty9au6/sTcOXmnCyKnSk8kOGvvjSvQG3UVWIKUrXdRxGami+Z7EhW
YBJRMlK1YFOzTLJo1kRebUBvZxMXCWxwYjj3uLIk9a/EtTUEVvSvSxxy7KTGK5Xi
9h8hf9UdAgMBAAECggEAD/6oMS7HVAlHyCZdYRJ0eZmcYmdCXQdodvX7nVcAT/F7
YGByopmwCB/1CAaYYshkV7CKIT8s3OHpEbv26oMB5dwj/2Wo8C5ilhTVnHqz7Yzc
sACkPjQAx5aPLzaa3vF5HuV4vZlwp1uxknDdEaZnYuXjCH7c1loAvJiDspQ8DFBn
8KauP5ww3hHIldLgdRu0TCNYIZnsNyTZRKd5PTZOvRtuHJGtYhrc4napcG2GS3ej
Nj7Uv23CxdbIFCu4J2C7BZdxNbT05koqZoAdmemVg6dnVXctVZSlIjZ4sE/6Dl7h
mlrmaV3TJdHuZTIvsDDvA2b7ujAxWnT6CKo31qSXQQKBgQD9T0UC+inzPTSlK6pr
RaxpTHW0eB9S6Q5/sT5I1VNYoRYe3t2MRcypDuVIBZwywPy0WTcrXU8VXawR9a
...
-----END PRIVATE KEY-----
]
assertion is ANSI string = JWTCreateAssertion(header, payload, private_key)
oauth_param is OAuth2Parameters
oauth_param.TokenURL = token_url
oauth_param.GrantType = gtCustomGrantType
oauth_param.AdditionalParameters = StringBuild([
client_id=%1&
scope=api://dsp-rscs-int/.default&
grant_type=client_credentials&
client_assertion=%2&
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
], client_id, assertion)
MyToken is AuthToken = AuthIdentify(oauth_param)
IF MyToken.Valid THEN
Info("ok")
ELSE
Info(ErrorInfo(errFullDetails))
END
// Example: JWT assertion sent to the Google OAuth 2.0 token endpoint (jwt-bearer grant)
private_key is string = [
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
]
header is JSON
header.alg = "RS256"
header.typ = "JWT"
header.kid = "520c557b7bf48976eff0680ab63a676946ff1cdc"
payload is JSON
payload.iss = "firebase-adminsdk-eaz6m@pctestlst.iam.gserviceaccount.com"
token_url is string = "https://oauth2.googleapis.com/token"
payload.aud = token_url
date_now is DateTime
payload.iat = DateTimeToEpoch(date_now, epochUnixSecond)
date_now..Time++
payload.exp = DateTimeToEpoch(date_now, epochUnixSecond)
payload.scope = "https://www.googleapis.com/auth/firebase.messaging"
payload.test = 1
assertion is ANSI string = JWTCreateAssertion(header, payload, private_key)
oauth_param is OAuth2Parameters
oauth_param.TokenURL = token_url
oauth_param.GrantType = gtCustomGrantType
oauth_param.AdditionalParameters = StringBuild([
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&
assertion=%1
], assertion)
token is AuthToken = AuthIdentify(oauth_param)
IF token.Valid THEN
Info("Valid token")
ELSE
Error("Invalid token")
END
Syntax

Creating a JWT assertion signed with a private key
<Result> = JWTCreateAssertion(<JWT header>, <JWT payload>, <Private key>)
<Result>: Character string
JWT assertion to be used for authentication.
<JWT header>: Character string
JWT assertion header in JSON format.
<JWT payload>: Character string
JWT payload to be used for the assertion.
<Private key>: Character string
Private key to be used to sign the JWT assertion.

Creating a JWT assertion signed with a certificate
<Result> = JWTCreateAssertion(<JWT header>, <JWT payload>, <Certificate>)
<Result>: Character string
JWT assertion to be used for authentication.
<JWT header>: Character string
JWT assertion header in JSON format.
<JWT payload>: Character string
JWT payload to be used for the assertion.
<Certificate>: Certificate variable
Name of the Certificate variable to be used to sign the JWT assertion. This certificate is mainly used for RS256 signatures.

Remarks

How to use a JWT assertion
In OAuth 2.0, assertions are an efficient and secure method of client authentication. Compared to the usual client ID and secret, an assertion uses JSON Web Tokens (JWTs) for better security and flexibility, making the authentication process clearer and more reliable.
Although a JWT assertion has a standard structure, the information present in the different parts of the assertion may depend on what the authentication server expects.
To use the new JWT assertion, the following elements must be specified in the OAuth2Parameters variable:
- the GrantType property must be set to gtCustomGrantType.
- the AdditionalParameters property must contain the code to include the JWT assertion in the authentication process.
Note: Depending on the information expected by the authentication server, the ClientSecret and ClientID properties of the OAuth2Parameters variable must be specified, even when using a JWT assertion.