generate_jwt

The generate_jwt statement is used to generate an RFC 7515-compliant JWT (JSON Web Token) which can be used, for example, for Google Cloud OAuth 2.0 Server to Server Authentication.

Syntax

generate_jwt keykey component1 [... componentN]asresult

Details

The generate_jwt statement performs the following actions:

  • encodes all components as Base64URL

  • concatenates all components using a dot separator (.)

  • hashes the concatenated result using SHA256

  • signs the hash with a provided PEM-encoded key using the RSA algorithm

  • encodes the resulting signature as Base64URL

  • builds JWT by concatenating the two results using a dot separator (.)

  • stores the final result in th variable specified by the result parameter

Example

To acquire a Google Cloud OAuth 2.0 access token:

var private = "-----BEGIN PRIVATE KEY-----${NEWLINE}key goes here${NEWLINE}-----END PRIVATE KEY-----"
var email = "[email protected]"
var url = "https://www.googleapis.com/oauth2/v4/token"
var scope = "https://www.googleapis.com/auth/cloud-platform"

var now = ${UNIX_UTC}
var expiry = (${now} + 3600)

var header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"
var payload = "{\"iss\":\"${email}\",\"scope\":\"${scope}\",\"aud\":\"${url}\",\"iat\":\"${now}\",\"exp\":\"${expiry}\"}"

generate_jwt key ${private} ${header} ${payload} as JWT

# Make HTTP request according to https://developers.google.com/identity/protocols/OAuth2ServiceAccount
set http_header "Content-Type: application/x-www-form-urlencoded"
set http_body data "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${JWT}"
buffer token = HTTP POST "${url}"

if (${HTTP_STATUS_CODE} != 200) {
	print Got HTTP status ${HTTP_STATUS_CODE}, expected a status of 200
	print The server response was:
	json format {token} 
	print {token}
	terminate
}

var access_token = $JSON{token}.[access_token]
print Access token: ${access_token}

Last updated

Was this helpful?