Create and Sign a JSON Web Token (JWT) with Node.js
var jose = require('node-jose');
var forge = require('node-forge');
var uuid = require('uuid/v1');
(...)
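// the audience is the URL of the token endpoint
var audience = "https://AAAS_PLATFORM/idp/YOUR_TENANT/authn/token";
// read the clock once (seconds since the epoch) so that iat, nbf and exp
// are all derived from the same instant
var now = Math.floor(Date.now() / 1000);
// the JWT token to be signed and sent to the Authentication Service
var bodyCnt = {
    // the client asserts its own identity: subject and issuer are both the client id
    sub: "YOUR_CLIENTID",
    // binds the token to this one token endpoint
    aud: audience,
    // backdated by 30 seconds to tolerate clock skew between client and server
    nbf: now - 30,
    iss: "YOUR_CLIENTID",
    // valid for one hour; whoever captures the signed token can present it until
    // it expires, so keep this as short as the token endpoint accepts
    exp: now + (60 * 60),
    // unique id of this token: build a new body (and a new jti) for every request
    // instead of re-sending a signed token
    jti: uuid(),
    iat: now - 30
};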
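// load the private key from protected storage (a file with restricted permissions,
// a secret store ...); never hard-code it or commit it with the source
var privateKeyDER = (...);
// transform the private key to PEM format if you have it in binary DER.
// The key itself is needed here, not the certificate: a certificate (CRT, CER ...)
// only carries the public key, and a public key cannot create a signature.
// NOTE: assumes an unencrypted RSA private key; a password-protected key has to be
// decrypted first.
var privateKeyASN1 = forge.asn1.fromDer(privateKeyDER.toString('binary'));
var privateKeyPEM = forge.pki.privateKeyToPem(forge.pki.privateKeyFromAsn1(privateKeyASN1));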
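// parsing the PEM formatted private Key
jose.JWK.asKey(privateKeyPEM, "pem").then(function(jwk) {
    // jwk contains the parsed key; it must include the private part,
    // a public-only key cannot sign
    // creating the signature, using RS256 algorithm; the algorithm is fixed here
    // and never taken from external input
    return jose.JWS.createSign({
        alg: "RS256",
        format: 'compact'
    }, jwk).
        update(JSON.stringify(bodyCnt), "utf8").
        final();
}).then(function(result) {
    // result contains a signed ID Token, ready to send to the Authentication Service !
    // it is a credential: send it over TLS to the token endpoint only and do not log it
}).catch(function(error) {
    // one handler for both steps: a key that fails to parse is reported as well,
    // instead of ending up as an unhandled rejection
    console.error(error);
});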