How to generate JWT - info needed

Posted by goo on 30-Nov-2019 08:40

OE 11.7

I am trying to find out how I can build the JWT to ask for a token I have done kind of same communication, but never used JWT. After looking around I found very usefull, but still not crystal clear.


x5c optional

The business certificate/eseal (virksomhetssertifikat) of the organization. Full certificate chain, see RFC7517 chapter 4.7.

I have got two .p12 files and one .cer and as I understand I am going to do something like this:

one of the .p12 I shoud use for authorization and cryptation and the other .p12 is used for signing: 

so p12auth.p12 and p12sign.p12

make Header (in json) 


x5c:<this part I am not sure about, is this where I place .p12 or convert .p12 to a .pem and place the result here?? or is it the .cert?>


aud:  <--- url encoded (probably, since it contains) :

iss:<my client id>

iat: set to timestamp of generation

exp: iat + 120 seconds

jti:not sure if needed, but just a unique code

then I do a

b64Header = base64(header)

b64Body = base64(body)

b64HeaderAndBody = base64(b64Header + '.' + b64Body)

RSASSAPKCS1v15Signature = RSASSA(b64HeaderAndBody,givenSecret,SHA256)

JWT=b64Header + '.' + b64Body + '.' + RSASSAPKCS1v15Signature

Then I send it using:

POST /token
Content-Type: application/x-www-form-urlencoded

&client_assertion=< the JWT I made>

Have I forgotten something?

I just have to say that I find it very difficult to read this kind of documentation that the authprovider has given,
but thas me....

//Geir Otto


All Replies

Posted by goo on 30-Nov-2019 09:19

This is probably the correct posting for TOKEN:

POST /token

Content-type: application/x-www-form-urlencoded


This thread is closed