
Sign the JWT with KID and Private Key

Sivateja
New Contributor

Hi Team,

Could someone help me with signing the JWT? I have the Key ID and Private Key with me.

Regards,

Sivateja

9 REPLIES 9

rushikeshvartak
All-Star

Online Tool: jwt.io

If you prefer to use an online tool, you can use jwt.io to manually create and sign your JWT.

  1. Open jwt.io: Go to jwt.io.

  2. Header: Enter the header in the "Decoded" section. It will typically look like this:

    {
      "alg": "RS256",
      "typ": "JWT",
      "kid": "YOUR_KEY_ID"
    }

  3. Payload: Enter your payload (exp is the Unix timestamp for expiration). For example:

    {
      "sub": "subject",
      "iss": "issuer",
      "exp": 1609459200
    }

  4. Signature: Paste your private key into the "Verify Signature" section. Make sure to remove the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines and any whitespace.

  5. Copy JWT: The signed JWT will be generated in the "Encoded" section at the top. You can copy it from there.

Make sure to replace placeholders like YOUR_KEY_ID, subject, issuer, and path/to/your/private-key.pem with your actual values and paths.


Regards,
Rushikesh Vartak

Hi

On the signature part, it is asking for both the private key and the public key when I select the algorithm ES256. But I only have the private key with me.

Due to this, it is throwing an error like invalid signature.

NM
Honored Contributor

Hi @Sivateja, are you trying to create the JWT online or in Saviynt?

Sivateja
New Contributor

Hi @NM ,

Yes, I tried with jwt.io as recommended.

But I need to do this in Saviynt as well. I have followed the developer guide for creating the connection JSON for JWT authentication, but it is failing.

To confirm, I checked in jwt.io as well. There too it says invalid signature.

NM
Honored Contributor

@Sivateja, you only have to add the private key; no need to add the public key. What error do you get?

Share the connection JSON. Mask confidential values.

Sivateja
New Contributor

Here is the connection JSON

{
  "authentications": {
    "acctAuth": {
      "authType": "Jwt",
      "httpParamsName": "assertion",
      "jwtConfig": {
        "jwtHeader": {
          "alg": "ES256",
          "typ": "JWT",
          "kid": "*********"
        },
        "jwtPayload": {
          "iss": "******",
          "sub": "user",
          "aud": "appstoreconnect-v1",
          "scope": "https://api.appstoreconnect.apple.com/v1/users"
        },
        "signedAlgorithm": "ES256",
        "key": "-----BEGIN PRIVATE KEY----- ********** -----END PRIVATE KEY-----",
        "jwtExpiryDuration": 120
      },
      "url": "https://api.appstoreconnect.apple.com",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "retryFailureStatusCode": [
        401,
        500,
        400
      ],
      "authError": [
        "SESSION_NOT_VALID",
        "AuthenticationFailed",
        "ExpiredJwtException",
        "401 Unauthorized",
        "401",
        "You couldn't be authenticated"
      ],
      "errorPath": "code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "abc"
    }
  }
}

NM
Honored Contributor

@Sivateja, no need to add begin and end in the key field of the connection JSON.

Sivateja
New Contributor

@NM I tried by removing them only. Just for reference I have given here.

@NM Please find the logs as well.
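
Added example (not part of the original thread, and not Saviynt or jwt.io code): signing and verifying an ES256 JWT locally with Node.js's built-in crypto module, so the private key never has to be pasted into a web page. It shows the two points the thread trips over: the public key a verifier asks for can be derived from the private key alone, and ES256 uses the raw 64-byte R||S signature encoding. The function names, the throwaway key pair, `KEY_ID_PLACEHOLDER`, `ISSUER_PLACEHOLDER` and the 120-second lifetime are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Sign "header.payload" with an EC P-256 private key (PEM string or KeyObject).
function signEs256Jwt(privateKey, kid, claims, lifetimeSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'ES256', typ: 'JWT', kid };
  const payload = { ...claims, iat: now, exp: now + lifetimeSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  // JWS ES256 needs the raw 64-byte R||S signature, not Node's default ASN.1 DER encoding.
  const signature = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Verify signature, alg and expiry with the public key; returns the payload or throws.
function verifyEs256Jwt(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('invalid signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired');
  return payload;
}

// Constructed demo: throwaway key pair and placeholder kid/iss, not real credentials.
function demo() {
  // prime256v1 is the OpenSSL name for the P-256 curve that ES256 requires.
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const privatePem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  // The public key a verifier needs can be derived from the private key alone.
  const publicKey = crypto.createPublicKey(privatePem);
  const token = signEs256Jwt(privatePem, 'KEY_ID_PLACEHOLDER',
    { iss: 'ISSUER_PLACEHOLDER', aud: 'appstoreconnect-v1' }, 120);
  return { token, publicKey, payload: verifyEs256Jwt(token, publicKey) };
}

console.log(demo().token);
```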