Generating a JWT in Ruby
I am trying to post to Ping Identity's PingID API, but it keeps giving me a 403 invalid signature.
I am encoding the JSON messages correctly. The header string is identical to the example data, but I am not sure if I am creating the HMAC SHA256 signature correctly.
I'm using the API walkthrough, and the code I've written is:
    require 'json'
    require 'base64'
    require 'openssl'
    require 'rest-client'

    use_base64_key = "jwc41crr322aufdckvfjkhvgknipyapgl7rmstbzhla="

    jwtheader = {
      "alg": "hs256",
      "org_alias": "aaaaaaaa-a1b2-123a-b456-1234abcd5678",
      "token": "1a2b3c4d5e6f"
    }

    jwtpayload = {
      "reqheader": {
        "locale": "en",
        "orgalias": "aaaaaaaa-a1b2-123a-b456-1234abcd5678",
        "secretkey": "1a2b3c4d5e6f",
        "timestamp": "2015-09-03 11:57:25.229",
        "version": "4.6"
      },
      "reqbody": {
        "activateuser": false,
        "email": "marcher@pingdevelopers.com",
        "fname": "meredith",
        "lname": "archer",
        "username": "meredith",
        "role": "regular",
        "clientdata": nil
      }
    }

    # base64url-encode header and payload, dropping the last character
    jwtheader64 = Base64.urlsafe_encode64(jwtheader.to_json).chomp[0...-1]
    jwtpayload64 = Base64.urlsafe_encode64(jwtpayload.to_json).chomp[0...-1]

    # HMAC-SHA256 over "header.payload"; the key string is passed as-is
    signeddata = jwtheader64 + "." + jwtpayload64
    digest = OpenSSL::Digest.new('sha256')
    instance = OpenSSL::HMAC.digest(digest, use_base64_key, signeddata)
    signature = Base64.urlsafe_encode64(instance).chomp[0...-1]
When I use my own information, it returns a 403 error. The timestamp is in this format I'm using:

    timestamp = Time.now.utc.strftime("%m-%e-%y %H:%M:%S.000")

What am I doing incorrectly?
Solution:
I was able to use this code to construct the token:
    require 'json'
    require 'base64'
    require 'openssl'
    require 'rest-client'

    pidalg = "hs256"
    pidorg = "aaaaaaaa-a1b2-123a-b456-1234abcd5678"
    pidtok = "c9fed74c5c994509b849ff65adb367d1"
    timestamp = Time.now.utc.strftime("%Y-%m-%d %H:%M:%S.000")
    uid = "meredith"
    pidkey = "jwc41crr322aufdckvfjkhvgknipyapgl7rmstbzhla="

    # jwt header
    jwtheader = {
      "alg": pidalg,
      "org_alias": pidorg,
      "token": pidtok
    }

    # jwt payload
    jwtpayload = {
      "reqheader": {
        "locale": "en",
        "orgalias": pidorg,
        "secretkey": pidtok,
        "timestamp": timestamp,
        "version": "4.6"
      },
      "reqbody": {
        "getsamedeviceusers": false,
        "username": uid,
      }
    }

    jwtheaderjson = jwtheader.to_json
    jwtheaderutf = jwtheaderjson.encode("utf-8")
    tokenheader = Base64.urlsafe_encode64(jwtheaderutf)
    puts tokenheader

    jwtpayloadjson = jwtpayload.to_json
    jwtpayloadutf = jwtpayloadjson.encode("utf-8")
    tokenpayload = Base64.urlsafe_encode64(jwtpayloadutf)
    puts tokenpayload

    # sign "header.payload" with the base64-decoded (binary) key
    signeddata = tokenheader + "." + tokenpayload
    digest = OpenSSL::Digest.new('sha256')
    bin_key = Base64.decode64(pidkey)
    puts bin_key
    instance = OpenSSL::HMAC.digest(digest, bin_key, signeddata)
    signature = Base64.urlsafe_encode64(instance)
    puts signature

    apitoken = signeddata + "." + signature
    puts apitoken
Your code is correct, but you're using the base64-encoded representation of the key to sign the JWT. You should be using the binary key, i.e. first base64-decode it, as in:
    digest = OpenSSL::Digest.new('sha256')
    bin_key = Base64.decode64(use_base64_key)  # decode the key to raw bytes first
    instance = OpenSSL::HMAC.digest(digest, bin_key, signeddata)
    signature = Base64.urlsafe_encode64(instance).chomp[0...-1]
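The following is an added example, not code from either post: it signs one token with the decoded key and one with the base64 key text, then verifies both the way a receiving server would, and also shows what `.chomp[0...-1]` does to input that has no single `=` of padding. The key, header and payload are constructed sample values, and the helper names (`b64url`, `chomp_slice`, `sign_jwt`, `verify_jwt`) are hypothetical.

```ruby
require 'json'
require 'base64'
require 'openssl'

# Unpadded base64url, as JWT segments require.
def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Padding removal as written in the question: drops the last character, whatever it is.
def chomp_slice(data)
  Base64.urlsafe_encode64(data).chomp[0...-1]
end

# key_bytes is the raw HMAC key, i.e. the base64 key string after decoding.
def sign_jwt(header, payload, key_bytes)
  signing_input = "#{b64url(header.to_json)}.#{b64url(payload.to_json)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key_bytes, signing_input)
  "#{signing_input}.#{b64url(mac)}"
end

# Recomputes the HMAC over "header.payload" and compares in constant time.
def verify_jwt(token, key_bytes)
  head, body, sig = token.split('.', -1)
  return false if sig.nil? || token.count('.') != 2
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key_bytes, "#{head}.#{body}")
  OpenSSL.secure_compare(Base64.urlsafe_decode64(sig), expected)
rescue ArgumentError # signature segment is not valid base64url
  false
end

# Constructed sample values; not a real PingID key or request.
KEY_B64 = Base64.strict_encode64((1..32).to_a.pack('C*'))
KEY_BYTES = Base64.strict_decode64(KEY_B64)
HEADER = { 'alg' => 'HS256' }
PAYLOAD = { 'user' => 'example' }

GOOD_TOKEN = sign_jwt(HEADER, PAYLOAD, KEY_BYTES) # key decoded first
BAD_TOKEN = sign_jwt(HEADER, PAYLOAD, KEY_B64)    # key text used as-is

puts "decoded key verifies:   #{verify_jwt(GOOD_TOKEN, KEY_BYTES)}"
puts "base64 text as key:     #{verify_jwt(BAD_TOKEN, KEY_BYTES)}"
puts "chomp[0...-1] on 'abc': #{chomp_slice('abc')} vs #{b64url('abc')}"
```

`Base64.strict_decode64` raises `ArgumentError` on a malformed key string, whereas `Base64.decode64` silently skips invalid characters, so the strict form surfaces a mistyped key before any request is signed.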