Create and Sign a JSON Web Token (JWT) with JavaScript

<!doctype html><html lang="en"><head>  <meta charset="utf-8">  <title>Sign Tokens for AaaS</title>  <script src="forge.min.js"></script>  <script src="uuidv1.js"></script></head><body>  <script language="javascript" >  
	/**
	 * Encode a binary string as unpadded base64url, the form used for JWT segments.
	 *
	 * The input goes straight to window.btoa, which only accepts code points up
	 * to 0xFF; text outside that range has to be UTF-8 encoded by the caller first.
	 *
	 * @param {string} str - binary string to encode
	 * @returns {string} base64 text with '+' mapped to '-', '/' mapped to '_', and trailing '=' removed
	 */
	function base64EncodeUrl(str){
		var standard = window.btoa(str);
		// Padding only ever sits at the very end, so strip it before swapping alphabets.
		var unpadded = standard.replace(/=+$/, '');
		return unpadded.replace(/[+\/]/g, function (ch) {
			return ch === '+' ? '-' : '_';
		});
	}
		 
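	/**
	 * Build an RS256-signed JWT for the token endpoint named in `aud` and print
	 * it to the console.
	 *
	 * Depends on names defined outside this function: `forge`, `uuidv1`,
	 * `base64EncodeUrl`, and the placeholder `YOUR_PRIVATE_KEY_PEM`, which must be
	 * replaced with the PEM text of the RSA private key. The textarea on the page
	 * calls this function on blur, but its content is not read here.
	 *
	 * Security-relevant points for anyone adapting this sample:
	 *  - The private key is handled by page script, so any script running in the
	 *    same origin can read it. Keep real keys out of pages served to users.
	 *  - The printed token is a credential until `exp`; console output is for
	 *    local testing only.
	 *  - All claim values here are ASCII. `base64EncodeUrl` relies on btoa, which
	 *    rejects characters above 0xFF, so non-Latin-1 claim values need UTF-8
	 *    encoding before they are base64url encoded.
	 *
	 * @returns {undefined} nothing; the compact JWT is written with console.log
	 */
	function signToken() {

		// Load the RSA private key from its PEM text.
		var privateKey = forge.pki.privateKeyFromPem( YOUR_PRIVATE_KEY_PEM );

		// kid (key id): SHA-256 thumbprint of the DER bytes decoded from the PEM.
		// NOTE(review): the PEM decoded here is the private key, so the thumbprint
		// is taken over private-key bytes. A verifier that holds only the public
		// key cannot recompute that value - confirm which key encoding the service
		// expects the kid to be derived from.
		var privateKeyDER = forge.pki.pemToDer( YOUR_PRIVATE_KEY_PEM );

		var kidHash = forge.md.sha256.create();
		kidHash.update( privateKeyDER.data, 'raw' );

		// JWT header
		var header = {
			alg: "RS256",
			kid: base64EncodeUrl( kidHash.digest().data )
		};

		// Read the clock once so nbf, iat and exp all derive from the same instant;
		// separate Date.now() calls can straddle a second boundary.
		var now = Math.floor(Date.now() / 1000);

		// JWT body. Property order is kept as-is because it determines the
		// serialized JSON that gets signed.
		var token = {
			sub: "YOUR_CLIENTID",
			aud: "https://AAAS_PLATFORM/idp/YOUR_TENANT/authn/token",
			// backdated 30 s to tolerate clock skew between client and service
			nbf: now - 30,
			iss: "YOUR_CLIENTID",
			// valid for one hour from now
			exp: now + (60 * 60),
			// unique token id; only uniqueness matters here, it is not a secret
			jti: uuidv1(),
			iat: now - 30
		};

		// The signing input is base64url(header) + "." + base64url(body). It is
		// built once so the bytes that are signed are exactly the bytes emitted.
		var signingInput = base64EncodeUrl( JSON.stringify(header) ) + "." + base64EncodeUrl( JSON.stringify(token) );

		// SHA-256 over the signing input, signed with RSASSA-PKCS1-v1_5 (RS256).
		var md = forge.md.sha256.create();
		md.update( signingInput, 'raw' );

		var signature = privateKey.sign(md, "RSASSA-PKCS1-V1_5");

		// Prints the signed token, ready to send to the Authentication Service.
		console.log( signingInput + "." + base64EncodeUrl( signature ) );

	}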
	
  
  </script>  
  
	<textarea id="key" value="" onblur="signToken()" rows="30" cols="150" >	</textarea>  
  
</body></html>