Your comments

Hi,

No thank you.

I chose a different approach to this problem.

Hi.

I am pretty sure I have everything encoded into Base64URL but the response from the OAuth2 server is 'Invalid JWT signature' error.

I suspect the problem lies with IR.CreateEncryption().

Since the JWT should be signed as follows:

HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret)

I am not sure how I am to achieve this with IR.CreateEncryption() since the encryption object can be created either with key size or private/public key.

From the example above I need to tell the algorithm the encryption type and the key?

Is this achievable with IR.CreateEncryption()?

Can you please give an example?

Thanks!

Hi,

Thank you for the documentation.

I have created my JWT as described, but I am still having problems with the authorisation. The OAuth server keeps returning the 'Invalid JWT signature' error.

I think this might be due to my Base64 conversion. They require conversion to Base64url. I cannot see any function in iRidium to convert to URL-safe base64.

I have used the standard IR.Base64Encode() and made the output URL friendly with the following code:

B64URLE : function(string){
    var inData = JSON.Stringify(string);
    var encodedData = IR.Base64Encode(inData);
    return encodedData.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=+$/, '');
}

But that does not seem to work.

The output is different than what online converters do.

For example, I am trying to convert the following header:

{"alg":"RS256","typ":"JWT"}

The result from IR.Base64Encode() and making it URL friendly is: eyJhbGciOiJSUzI1NiIsICJ0eXAiOiJKV1QifQ, while online converters convert it correctly to eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.

However, after decoding, the output string is the same.

Is there any other way to encode to Base64url in iRidium? I cannot see any possibilities without using external libraries.

I am also wondering if this might be because iRidium EncryptionObject.Encode(data (string/array), resultType, inputType) takes IR.INPUT_TYPE_BASE64_STRING instead of Base64URL?

This is how I create my JWT:

var googleOAuthVars = {
        PrivateKey : "-----BEGIN PRIVATE KEY-----\n****KEY****\n-----END PRIVATE KEY-----\n",
        Scopes : ['https://www.googleapis.com/auth/drive'],
        JWT : jwt = {
                    Header : {"alg":"RS256","typ":"JWT"},
                    ClaimSet : claimSet = {
                      "iss": "email@gserviceaccount.com",
                      "scope": "https://www.googleapis.com/auth/drive",
                      "aud": "https://oauth2.googleapis.com/token",
                      "exp": parseInt((new Date().getTime())/1000)+20*60,
                      "iat": parseInt(new Date().getTime()/1000)
                    },
                    JWT : jwt = "",
                   }
}


var header = utilities.B64URLE(googleOAuthVars.JWT.Header);
var claimSet = utilities.B64URLE(googleOAuthVars.JWT.ClaimSet);
var signatureInput = header+"."+claimSet;
var signature = utilities.Encrypt(googleOAuthVars.PrivateKey,signatureInput);
var signature64 = utilities.B64URLE(signature);
googleOAuthVars.JWT.JWT = signatureInput+"."+signature64;     //JWT

var utilities = {
        B64URLE : function(string){
            var inData = JSON.Stringify(string);
            var encodedData = IR.Base64Encode(inData);
            return encodedData.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=+$/, '');
        },
        B64URLD : function(string){
            // Restore the '=' padding to a multiple of 4 characters, then map back to the standard alphabet
            string = (string + '===').slice(0, string.length + (4 - string.length % 4) % 4);
            string = string.replace(/-/g, '+').replace(/_/g, '/');
            var decodedData = IR.Base64Decode(string);
            return decodedData;
        },
        Encrypt : function(in_key,in_data){
            var key = in_key;
            var data = in_data;
            var RSA = IR.CreateEncryption(IR.ENCRYPTION_RSA, key, false);
            var result = RSA.Encode(data, IR.RESULT_TYPE_ARRAY, IR.INPUT_TYPE_BASE64_STRING);
            return result;
         }
}

EDIT:

After thorough investigation, it turns out that iRidium JSON.Stringify() creates whitespace after each parameter, hence the differences between the web and iRidium encoders.

Now my Base64 strings seem to be correct, but the server still rejects the signature.

Is there an error with how I used IR.CreateEncryption()?
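
An added example, not part of the original post and not iRidium code: the post's header encoded with and without the serializer's extra space, and an RS256 token signed and then verified. RS256 is an RSA signature (RSASSA-PKCS1-v1_5 with SHA-256) over the ASCII text "header.payload", not RSA encryption and not HMAC. Assumptions: Node.js's built-in crypto module stands in for the IR API, the key pair and issuer are throwaway constructed values, and the function names are hypothetical.

```javascript
// Added example (Node.js, not iRidium): base64url + RS256 signing for a JWT.
const crypto = require('crypto');

// base64url = standard base64 with '+' -> '-', '/' -> '_', trailing '=' removed.
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build header.payload.signature. The raw signature bytes are base64url-encoded
// directly; they are never passed through JSON serialization first.
function signJwtRS256(header, claims, privateKeyPem) {
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  const signature = crypto.createSign('RSA-SHA256').update(signingInput, 'ascii').sign(privateKeyPem);
  return signingInput + '.' + b64url(signature);
}

// Check a token against the public key, as the token endpoint would.
function verifyJwtRS256(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const sig = Buffer.from(parts[2].replace(/-/g, '+').replace(/_/g, '/'), 'base64');
  return crypto.createVerify('RSA-SHA256').update(parts[0] + '.' + parts[1], 'ascii').verify(publicKeyPem, sig);
}

// Constructed throwaway key pair and claim values, for demonstration only.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const now = Math.floor(Date.now() / 1000);
const demoToken = signJwtRS256(
  { alg: 'RS256', typ: 'JWT' },
  { iss: 'demo@example.invalid', scope: 'https://www.googleapis.com/auth/drive',
    aud: 'https://oauth2.googleapis.com/token', exp: now + 20 * 60, iat: now },
  privateKey);

console.log(b64url('{"alg":"RS256","typ":"JWT"}'));   // compact serialization
console.log(b64url('{"alg":"RS256", "typ":"JWT"}'));  // serializer added a space
console.log(verifyJwtRS256(demoToken, publicKey));
```

Both header encodings decode to valid JSON, so the extra space alone does not invalidate a token as long as the signature is computed over exactly the bytes that are sent.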

Hi,

I am generally stuck on point 4. Can you please give me an example of using the IR.CreateEncryption method, as it may also come in handy later.

I have only a private key, no public key.


According to the documentation I also need to encode to Base64url - is there a method in iRidium to do that? Or will I have to write the conversion in JS?

P.S.

My aim is to get authorized to Google OAuth2.0 Service Account; I am following this documentation: https://developers.google.com/identity/protocols/oauth2/service-account#httprest

Thank you for a quick response!

Works perfectly.

The confusion was that I was expecting an [object Object] output in the console instead of null.

Hi,

That works perfectly now.


Thank you!