Solved: Support for JWT token?

Report Inappropriate Content · 09-10-2015 02:20 AM

Is there a way to generate JWT tokens in apigee ?

sarthak

Your best bet is to use the Java callout available on github to generate or validate JWT. Lots of examples are there, and it performs well.

As another option, you can do something similar using JavaScript. Please find attached a proxy which generates and validates a JWT token. This proxy was written by @Dino . JS is fully interoperable with JWT, but it is not as fast or efficient as the Java option. This becomes an issue when used in high scale situations.

It has a nice Readme Doc as well.

View solution in original post

anilsr

Dear @waseem ,

Apigee supports Node.JS applications. Using jsonwebtoken node module you can generate same.

Cheers,

Anil Sagar

vineet_vineetb

@Anil SagarIs there an example of how to do generate JWT token using jswonwebtoken node module and OAuth based xml policies?

sarthak

Hi @Vineet Bhatia

Your best bet is to use the Java callout available on github to generate or validate JWT. Lots of examples are there, and it performs well.

As another option, you can do something similar using JavaScript. Please find attached a proxy which generates and validates a JWT token. This proxy was written by @Dino . JS is fully interoperable with JWT, but it is not as fast or efficient as the Java option. This becomes an issue when used in high scale situations.

It has a nice Readme Doc as well.

vineet_vineetb

Thank You @Dino and @sarthak!

Report Inappropriate Content

Thank you @Dino, @Sarthak. this will help

DChiesa

Rather than using this example, (done in Javascript callouts) I suggest that you examine the Java-based callout published on github, that I produced for the iloveapis 2015 conference in Early October.

The project referenced above is written and implemented in Java, but does not require you to write any Java code in order to use it. It supports signed and encrypted JWT, using shared or public/private keys (RSA). The Java version performs much better than the Javascript version for signed JWT that use RSA keys. (4ms vs 400ms)

Nice Readme docs there also. Good luck!

DChiesa

I know this is old, but I'm inserting this answer here in case anyone else wants to know.

Your best bet is to use the Java callout available on github to generate JWT. You can specify the various claims to insert, including standard claims like issuer and audience audience, and also custom claims of any type. You can also specify how you'd like to sign the JWT, whether with a shared key or a private key. There's an example API Proxy that shows how to configure the policy to generate JWT.

Good luck!

Report Inappropriate Content

@Dino weve got a new use case that might need JWT... are we still looking at the same recomendation for how to implement it or has this changed?

DChiesa

Yes, same recommendation. This is in use in a number of different customers at this point.

Report Inappropriate Content

Hi We are trying to convert a JWK to pem and use the same to validate the JWT. I am using the jwk-to-pem node module to do the conversion but, I do get an error. Is there any other utility that converts the JWK to pem ?

DChiesa

Hi @karthiknarayan

Can you please ask a new question using the "Ask a Question" button?

When you ask, please provide some details as to the error you are seeing.