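<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Sign Tokens for AaaS</title>
  <!-- forge supplies PEM parsing, SHA-256 and RSASSA-PKCS1-v1_5; uuidv1 supplies the jti claim.
       Both are loaded synchronously (no defer/async) so the inline script below can call them
       whenever the blur handler fires. -->
  <script src="forge.min.js"></script>
  <script src="uuidv1.js"></script>
</head>
<body>
  <!-- The inline script parses an RSA private key inside the browser; every script that runs
       on this page can read it. Only open the page from a trusted origin and do not add
       third-party scripts to it. -->
  <script>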
// Base64url (RFC 4648 §5) without trailing padding, as JWS requires.
//
// `str` must be a *binary string* — every char code <= 0xFF. That covers the two
// inputs this page feeds in: plain-ASCII JSON from JSON.stringify and forge's 'raw'
// byte strings (digest and signature output). Do NOT UTF-8-encode inside this
// function: that would corrupt the raw byte strings. If a payload ever contains
// non-Latin-1 characters, btoa() throws — the caller must UTF-8 encode it first.
function base64EncodeUrl(str) {
  var urlSafe = { '+': '-', '/': '_' };
  var standard = window.btoa(str);
  var unpadded = standard.replace(/=+$/, '');
  return unpadded.replace(/[+/]/g, function (ch) { return urlSafe[ch]; });
}
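// Build and sign a client-assertion JWT (RS256) for the AaaS authentication endpoint.
//
// Reads the signing key from the YOUR_PRIVATE_KEY_PEM placeholder (it does NOT read the
// textarea on this page), derives `kid` from the SHA-256 of the key's DER encoding,
// signs base64url(header) "." base64url(payload) with RSASSA-PKCS1-v1_5 over SHA-256,
// prints the compact JWS to the console and returns it.
//
// Security notes:
//  - The PEM is a private key parsed in the browser; any script on this page can read it.
//  - The printed value is a bearer credential until `exp` (one hour here). Devtools may
//    persist console output — clear it once the token has been copied.
//  - `kid` is the SHA-256 of the *private* key DER, not an RFC 7638 public-key thumbprint.
//    It only works if the server registered the same identifier — confirm against the
//    tenant's key registration before relying on it.
//  - `jti` comes from uuidv1(), which is time/MAC based and therefore predictable. It is
//    unique (what replay detection needs) but not random.
//
// Returns: the signed token as "<header>.<payload>.<signature>" (also written to console).
// Errors: anything forge raises while parsing the PEM or signing propagates to the caller;
//         there is no try/catch here.
function signToken() {
  var pem = YOUR_PRIVATE_KEY_PEM;
  var privateKey = forge.pki.privateKeyFromPem(pem);

  // kid = base64url(SHA-256(DER of the private key)) — see the note above.
  var der = forge.pki.pemToDer(pem);
  var kidHash = forge.md.sha256.create();
  kidHash.update(der.data, 'raw');

  var header = {
    alg: "RS256",
    kid: base64EncodeUrl(kidHash.digest().data)
  };

  // One clock reading so nbf and iat always agree. Sampling Date.now() separately
  // for each claim can straddle a second boundary and yield nbf != iat.
  var now = Math.floor(Date.now() / 1000);
  // Claim order is preserved from the original: JSON.stringify keeps insertion order,
  // and the order is part of the signed bytes.
  var payload = {
    sub: "YOUR_CLIENTID",
    aud: "https://AAAS_PLATFORM/idp/YOUR_TENANT/authn/token",
    nbf: now - 30,          // 30 s of clock-skew tolerance
    iss: "YOUR_CLIENTID",
    exp: now + (60 * 60),   // 1 h lifetime — shorten if the server accepts less
    jti: uuidv1(),
    iat: now - 30           // backdated like nbf, presumably for the same skew tolerance
  };

  // Build the signing input once and reuse it verbatim in the output, so the
  // signature always covers exactly the bytes that are emitted.
  var signingInput = base64EncodeUrl(JSON.stringify(header)) + "." +
                     base64EncodeUrl(JSON.stringify(payload));
  var md = forge.md.sha256.create();
  md.update(signingInput, 'raw');   // input is ASCII, so 'raw' and UTF-8 coincide
  var signature = privateKey.sign(md, "RSASSA-PKCS1-V1_5");

  var jws = signingInput + "." + base64EncodeUrl(signature);
  // Signed token ready to send to the Authentication Service.
  console.log(jws);
  return jws;
}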
</script>
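<!-- Paste area for the PEM private key.
     NOTE(review): signToken() currently signs with the YOUR_PRIVATE_KEY_PEM placeholder and
     does not read this field — wire it up (or remove the field) before use.
     There is no <form> around it, so the browser never submits the key anywhere; keep it that way. -->
<label for="key">Private key (PEM)</label>
<textarea id="key" rows="30" cols="150" spellcheck="false" autocomplete="off"></textarea>
<script>
  // Bound here rather than with an inline onblur= attribute so a strict CSP can be applied.
  document.getElementById("key").addEventListener("blur", signToken);
</script>
</body>
</html>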