Welcome! Log In Create A New Profile

Advanced

Sign JWT

Posted by DerekM 
Forum List Message List New Topic
DerekM
Sign JWT
January 19, 2022 11:22AM
Hi

Can anyone assist with WLanguage syntax (Ver 26) to sign a JSON Web Token.

The VB syntax uses Jose.io :-
' create the signed JWT assertion
Dim token = Jose.JWT.Encode(payload, rsaCsp, Jose.JwsAlgorithm.RS256, extraHeaders)

i sourced and translation a snippet from Patrice in the the French forum (JSON Web Tokens (JWT - RFC 7519 - Signature) with 2 procedures that looks like (below)::-


If anyone is familiar with this, could you please let me know if this is the correct approach, or suggest some other syntax.

Many thanks in advance.

Regards,
Derek




PROCEDURE JWTSignature(sHeader is a string,
sPayload is a string,
sSecret is a string)

sRes is a string
sData is a string
bufBuf is a Buffer

bufBuf = HashString(HA_HMAC_SHA_256, sHeader + "." + sPayload, sSecret)

sRes = UTILBase64EncodeURL(bufBuf)

RETURN

//--------------------------------------------------------------------------------

PROCEDURE UTILBase64EncodeURL(LOCAL sData is string)

sRes is string = Encrypt(sData, "", compressNone + cryptNone, encodeBASE64)

sRes = Remplace(sRes,"/","_")
sRes = Remplace(sRes,"+","-")
sRes = Remplace(sRes,CR,"")

i is int

i = Taille(sRes)

WHILE i>0 _ET_ sRes[[i]]="="
i-=1
END

RETURN Left(sRes,i)

//-------------------------------------------------
Reply Quote
Argus
Re: Sign JWT
January 19, 2022 03:18PM
I'm not familiar with the subject, but your code is buggy...

You are passing a buffer to a procedure waiting for a string
As the buffer is the result of a hash, it's possible it contains binary zero=End of String

So you should use a buffer in both places
Reply Quote
DerekM
Re: Sign JWT
May 24, 2022 03:40AM
Just leave this note here in case it is useful to someone sometime.

The whole JWT process can be quite complex and difficult to debug. I spent a considerable time trying to code this in WebDev and it seemed that what I ended up with should have worked - but didn't.

So I re-wrote this in C#.NET and used the dotnet assembly in WebDev. Works 100%. In hindsight - this is what I should have done initially. These algorithms are not trivial. Had to also learn quite a bit more about .NET to integrate this with WebDev - but - when you (finally) know how- it's easy smiling smiley

Regards,
Derek
Reply Quote
Newer Topic Older Topic
Author:

Your Email:


Subject:
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: