Create a JSON Web Token (JWT)
Most modern languages have JWT libraries available. We highly recommend that you use one of these libraries rather than constructing a token manually.
JWTs consist of three parts: Header, Claims & Signature. The header and claim set are JSON objects. These JSON objects are serialized to UTF-8 bytes, then encoded using the Base64url encoding.
Header
The header consists of two fields that indicate the signing algorithm and the format of the assertion. For example:
{"alg":"RS256","typ":"JWT"}
Claims
The JWT claims object contains security information about the message. For example:
{ "scope": "com.serraview.wf.sa.{report_secure_action_id}", "iss": "{service_account_id}", "aud": "https://{instance}.serraview.com/oauth2/token", "exp": 1417504039, "nbf": 1417500439 }
| Attribute | Type | Description |
|---|---|---|
| scope | String | Secure action id for the operation being performed. To access a Serraview Report via the Serraview V2 API, you must specify the report's Secured Action ID; refer to Find the Secured Action ID for a Report. |
| iss | String | The issuer of the claim, i.e. your service account id. |
| aud | String | The audience of the token. Note that this field is case-sensitive and we recommend you use lowercase. |
| exp | Long | Expiration time, as seconds since 00:00:00 UTC, Jan 1, 1970. |
| nbf | Long | Not before time, as seconds since 00:00:00 UTC, Jan 1, 1970. |
Signature
The signature is computed using the signing algorithm specified in the header. The only signing algorithm supported by the Serraview OAuth 2.0 Authorization Server is RSA using the SHA-256 hashing algorithm (RS256 in the header). The signature must then be Base64url encoded. The input for the signature is the byte array of the following content:
{Base64url encoded header}.{Base64url encoded claim set}
The header, claim set, and signature are concatenated together with a period (.) character to form a complete JWT.
{Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}
Below is an example of a JWT that has been signed and is ready for transmission (the code has been formatted to fit in the code block):
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9. eyJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4 MS9vYXV0aDIvdG9rZW4iLCJpc3MiOiIyc3VJVDk2dDMwdXg5S0pNZ28yUldBIiwiZXhwIjoxNDE2NjcyNTkzLCJuYmYiOjE0MTY2NDAxOTN9. T6xYRgQV9VER30CUYjmcE6ETItoKTCZv0j1DbhJ2CvCKOQ4hGJAW15A2LQ3NibtUW66xpgwXoy91rMDabNceL9A5uTqkC0Vd8bZxVqb BPtnnvLufJ29GXytp1ceouvBWYJDbEY2li6MwkZ8klUSTRxo22zvhBiMaNaOxCHf_8wNoa6S-XyhCO5pcYUB3J8nTh2CZ8ickYjJ0qILyW8RudlO7tC5A37Z8AwNgLGXdeH cX15T2dajlVQ7pkVKpJzCYQo28klw3nSMPFaA1lxKLkqvqB-RqLDFEQ2MLrqV6aKDgaGFc4j0RCCf1VwrIxYwNdDKov8oxNf9olClc5w
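The construction steps described on this page, carried through in Go as an added example (not Serraview's own code): it serializes the claim set, Base64url-encodes header and claims without padding, signs `header.claims` with RS256 and checks the signature. The throwaway `demoKey`, the helper names and the claim values are assumptions; `exp` and `nbf` reuse the page's sample timestamps and must be current in real use.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var demoKey, demoErr = rsa.GenerateKey(rand.Reader, 2048) // throwaway key standing in for the service account key

// signJWT returns {header}.{claim set}.{signature} signed with RS256 (RSASSA-PKCS1-v1_5, SHA-256).
func signJWT(key *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	enc := base64.RawURLEncoding.EncodeToString // Base64url without "=" padding
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc(body)
	digest := sha256.Sum256([]byte(input)) // the signature covers the bytes of header.claims
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc(sig), nil
}

func verifyJWT(pub *rsa.PublicKey, token string) error {
	parts := strings.Split(token, ".")
	sig, err := base64.RawURLEncoding.DecodeString(parts[len(parts)-1])
	if len(parts) != 3 || err != nil {
		return fmt.Errorf("malformed token: %d segments, signature decode: %v", len(parts), err)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) // signature only; exp, nbf, aud are not checked
}

func main() {
	if demoErr != nil {
		panic(demoErr)
	}
	tok, err := signJWT(demoKey, map[string]interface{}{"scope": "com.serraview.wf.sa.0", "iss": "demo-account", // constructed values
		"aud": "https://demo.serraview.com/oauth2/token", "exp": 1417504039, "nbf": 1417500439})
	fmt.Println(tok, err, verifyJWT(&demoKey.PublicKey, tok))
}
```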