
JSON Web Token (JWT) and SHA384 encryption


    Hello,

    We have an internal medical API project requiring usage of JSON Web Tokens (JWT). Has anyone had any experience with creating JWT with Mivascript? One of the needs when creating JWT is to use SHA384 encryption. Does Miva have any plans to add SHA384 encryption? We would prefer to stay within Mivascript.

    Thanks for any comments, suggestions or feedback.

    -mike

    #2
    I believe you can use crypto_evp_digest to generate a sha384 sum
    David Carver
    Miva, Inc. | Software Developer



      #3
      Thank you David! This should get us sliding in the right direction!

      -mike



        #4
        Any code examples on doing this?
        I need to generate a JWT. I have the key name and the secret and the data to be encoded.
        B
        William Gilligan - Orange Marmalade, Inc.
        www.OrangeMarmaladeinc.com



          #5
          Something like this should work

          Code:
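          <MvCOMMENT> Signing input is header '.' payload; l.payload is assumed to hold the JSON claims </MvCOMMENT>
          <MvASSIGN NAME = "l.buffer" VALUE = "{ crypto_base64_encode( l.header ) $ '.' $ crypto_base64_encode( l.payload ) }">
          
          <MvIF NOT EXPR = "{ crypto_evp_hmac( 'sha256', 'supersecretkey', l.buffer, l.signature ) }">
              <MvCOMMENT> error here </MvCOMMENT>
          </MvIF>
          
          <MvCOMMENT> l.signature is raw binary, so it is encoded before being appended </MvCOMMENT>
          <MvASSIGN NAME = "l.jwt" VALUE = "{ l.buffer $ '.' $ crypto_base64_encode( l.signature ) }">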
          David Carver
          Miva, Inc. | Software Developer



            #6
            Hey Bill,

            I've attached a .txt file of our function that creates the JWT. The l.signedToken toward the bottom is the JWT.

            -mike

            JwtFunction.txt



              #7
              I know it has been a year (been an interesting one) but finally back on this... so far, I can't get either code suggestion to work. What it comes down to is a simple test:
              Code:
              <MvIF NOT EXPR = "{ crypto_evp_sign( 'sha256', '123456', l.buffer, l.signature1 ) }">
              ERROR1 = <MvEval expr="{ crypto_last_ssl_error() }"><br>
              </MvIF>
              Sig1 = <MvEval expr="{ l.signature1 }">
              <hr>
              
              <MvIF NOT EXPR = "{ crypto_evp_hmac( 'sha256', '123456', l.buffer, l.signature2 ) }">
              ERROR2 = <MvEval expr="{ crypto_last_ssl_error() $ crypto_last_error() }"><br>
              </MvIF>
              Sig2 = <MvEval expr="{ l.signature2 }">
              In example 1, there is no error and no signature generated.
              In example 2, there is an error "0" and a signature generated but it appears to be in binary.
              Any ideas?
              William Gilligan - Orange Marmalade, Inc.
              www.OrangeMarmaladeinc.com



                #8
                What is the crypto_last_error? I'm guessing the second example actually worked but since you have the NOT in the wrong place you thought it didn't?
                David Carver
                Miva, Inc. | Software Developer



                  #9
                  The second example did actually work. It took some digging to figure out how this all pieces together, but I got it. Now the problem is that the recipient side is a consistent "not authorized" with no other indication as to why... ahhh...

                  But thanks for all the info - having multiple examples to review helped especially with all the glosubs and encoding that needs to happen for a JWT.
                  William Gilligan - Orange Marmalade, Inc.
                  www.OrangeMarmaladeinc.com
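
A reference for cross-checking a token built by the MivaScript code in this thread, as an added example that is not part of any post: a Python standard-library HS256/HS384 signer and verifier that uses the base64url-without-padding encoding JWS (RFC 7515) specifies for all three segments. The secret, claims and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# JWS "alg" values mapped to digests; HS384 is the SHA-384 variant asked about in post #1.
ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384}


def b64url(data: bytes) -> str:
    """Base64url with the '=' padding stripped, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    header = {"alg": alg, "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    # The HMAC output is raw binary (what post #7 saw); encode it only after signing.
    sig = hmac.new(secret, signing_input.encode("ascii"), ALGS[alg]).digest()
    return signing_input + "." + b64url(sig)


def verify_jwt(token: str, secret: bytes, allowed=("HS256", "HS384")) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in allowed:  # the verifier, not the token, decides which algorithms are valid
        raise ValueError("algorithm not allowed")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode("ascii"), ALGS[alg]).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))


# Constructed sample values, not taken from the thread.
SECRET = b"constructed-demo-secret"
CLAIMS = {"sub": "demo-user", "scope": "read"}

if __name__ == "__main__":
    print(verify_jwt(sign_jwt(CLAIMS, SECRET, "HS384"), SECRET))
```

Signing the same header and payload bytes with the same secret in both implementations and comparing the tokens segment by segment shows which encoding step differs.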
