[Progress Communities] [Progress OpenEdge ABL] Forum Post: How to generate JWT - info needed

Status
Not open for further replies.
goo

Guest
OE 11.7

JWT grant | ID-porten

I am trying to find out how I can build the JWT to ask for a token. I have done the same kind of communication before, but never used JWT. After looking around I found jwt.io very useful, but it is still not crystal clear.

Header:
x5c (optional): The business certificate/eseal (virksomhetssertifikat) of the organization. Full certificate chain, see RFC7517 chapter 4.7.

I have got two .p12 files and one .cer, and as I understand it I am going to do something like this: one of the .p12 files I should use for authorization and encryption, and the other .p12 is used for signing, so p12auth.p12 and p12sign.p12.

Make the header (in JSON):
alg: RS256
x5c:

Body:
aud: https://oidc-ver2.difi.no/idporten-oidc-provider/
iat: set to timestamp of generation
exp: iat + 120 seconds
jti: not sure if needed, but just a unique code

Then I do:
b64Header = base64(header)
b64Body = base64(body)
b64HeaderAndBody = base64(b64Header + '.' + b64Body)
RSASSAPKCS1v15Signature = RSASSA(b64HeaderAndBody,givenSecret,SHA256)
JWT=b64Header + '.' + b64Body + '.' + RSASSAPKCS1v15Signature

Then I send it using:
POST /token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=n0esc3NRze7LTCu7iYzS6a5acc3f0ogp4
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=

Have I forgotten something?

I just have to say that I find it very difficult to read this kind of documentation that the auth provider has given, but that's me....

//Geir Otto
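An added example, not part of the original post and written in Python rather than ABL: how an RS256 JWT with the claims listed above is assembled under RFC 7515/7519. Each part is base64url-encoded without "=" padding, the signature is computed over the ASCII string b64url(header) + "." + b64url(body) as-is (it is not base64-encoded a second time), and the signature itself is base64url-encoded. The function names, the toy RSA key and the x5c value passed in are constructed for illustration; a real client signs with the private key from its signing .p12.

```python
import base64, hashlib, json, uuid

# Constructed toy RSA key (product of two Mersenne primes). It is trivially
# breakable and exists only so the example runs offline; a real client uses
# the private key extracted from its signing .p12 (assumption).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                      # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JWS requires (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message: bytes) -> bytes:
    # 00 01 FF..FF 00 || DigestInfo(SHA-256) || SHA-256(message)
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rs256_sign(message: bytes) -> bytes:
    em = int.from_bytes(emsa_pkcs1_v15(message), "big")
    return pow(em, D, N).to_bytes(K, "big")

def rs256_verify(message: bytes, signature: bytes) -> bool:
    if len(signature) != K:
        return False
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v15(message)

def build_client_assertion(aud: str, x5c: list, now: int) -> str:
    header = {"alg": "RS256", "x5c": x5c}          # x5c: standard base64 DER certs
    claims = {"aud": aud, "iat": now, "exp": now + 120, "jti": str(uuid.uuid4())}
    parts = [b64url(json.dumps(o, separators=(",", ":")).encode())
             for o in (header, claims)]
    signing_input = ".".join(parts)                # signed as-is, no second base64
    return signing_input + "." + b64url(rs256_sign(signing_input.encode("ascii")))

def verify_jwt(token: str) -> dict:
    h, c, s = token.split(".")
    if not rs256_verify(f"{h}.{c}".encode("ascii"), b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(c))
```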
