Create a JSON Web Token (JWT)

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. JWT.io libraries were used in this sample to generate the JWT.
The service credentials that you have downloaded in the previous step contains the private key in the PKCS#1 format.To extract the private key from this string we have used BouncyCastle libraries. The crypto libraires that are part of java do not support PKCS#1 format.

The following code was used to generate the JWT:

public String getJWTToken()
	{
	        Security.addProvider(new BouncyCastleProvider());
	        RSAPrivateKey privateKey = null;
	        GetServiceCredentials getCredentials = new GetServiceCredentials();
	        try
	        {

	            long now = System.currentTimeMillis();
	            Long expirationTime = now + TimeUnit.MINUTES.toMillis(5);
                // get the private key string from the service credentials
	            String privateKeyString = getCredentials.getPRIVATE_KEY();
	          //The JWT signature algorithm we will be using to sign the token
	            SignatureAlgorithm sa = SignatureAlgorithm.RS256;


	            Reader targetReader = new StringReader(privateKeyString);
	            // PEMParser removes the unnecessary headers and decodes the underlying Base64 PEM data into a binary format.
	            PEMParser pemParser = new PEMParser(targetReader);
	            // tores the result generated by the pEMParser
	            Object object = pemParser.readObject();
	            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
	            KeyPair kp = converter.getKeyPair((PEMKeyPair) object);
	            privateKey = (RSAPrivateKey) kp.getPrivate();

	          //Let's set the JWT Claims

	            Map < String, Object > jwtClaims = new HashMap < String, Object > ();
	            jwtClaims.put("iss", getCredentials.getORG_ID());
	            jwtClaims.put("sub", getCredentials.getTECH_ACCT());
	            jwtClaims.put("exp", expirationTime);
	            jwtClaims.put("aud", "https://" + getCredentials.getIMS_ENDPOINT() + "/c/" + getCredentials.getCLIENT_ID());
	            String metascopes[] = new String[] { getCredentials.getMETASCOPE_ID() };

	            for (String metascope: metascopes)
	            {
	                        jwtClaims.put("https://" + getCredentials.getIMS_ENDPOINT() + "/s/" + metascope, java.lang.Boolean.TRUE);
	            }


	            // Create the final JWT token
	            String jwtToken = Jwts.builder().setClaims(jwtClaims).signWith(sa, privateKey).compact();
	                System.out.println("Got JWT Token " + jwtToken);
	                pemParser.close();
	            return jwtToken;

	        } catch (IOException e) {

	                System.out.println("The error is " + e.getMessage());
	        }
	        return null;

	}


On this page