...

  1. After completing the onboarding, you will have received a JSON file named account_info.json.
    Structure of account_info.json (PEM format key):

    {
        "keyId": "123e4567-e89b-12d3-a456-556642440000",
        "issuer": "NEW_PARTNER",
        "privateKey": "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2\nOF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r\n1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G\n-----END PRIVATE KEY-----",
        "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9\nq9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==\n-----END PUBLIC KEY-----"
    }
  2. Using any standard JWT library in the language of your choice, you can create a JWT with a header and payload like the following example:

    {
      "alg": "ES256",
      "typ": "JWT",
      "kid": "123e4567-e89b-12d3-a456-556642440000"
    }
    {
      "iss": "NEW_PARTNER",
      "iat": 1511900000,
      "exp": 1511903600
    }
    1. Set the alg (Algorithm) field in the header to ES256.

    2. For the kid (Key ID) field in the header, specify the value corresponding to the keyId field of your account_info.json file.

    3. For the iss (Issuer) field, specify the value corresponding to the issuer field of your account_info.json file.

    4. For the iat (Issued At) field, specify the Unix time when the token was issued.

    5. For the exp (Expiration Time) field, specify the Unix time denoting when the token will expire. Tokens are rejected if their validity (i.e. exp - iat) is more than 1 hour.

  3. Sign the JWT with the private key (i.e. value corresponding to the privateKey field of your account_info.json file).

Note

Protect the privacy of your private key and signed tokens

Your private key (account_info.json) is a secret value similar to a password or API key. Store it securely and follow best practices for injecting secrets into your application at runtime. Never distribute the private key alongside your application, and protect access to it appropriately.

Never share signed JWTs with third parties.

Examples

  1. Java - Using auth0/java-jwt

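    import com.auth0.jwt.JWT;
    import com.auth0.jwt.algorithms.Algorithm;
    import java.security.interfaces.ECPrivateKey;
    import java.util.Date;

    ECPrivateKey privateKey = loadPrivateKey(); // hypothetical helper: parses `privateKey` from account_info.json
    String keyId = "123e4567-e89b-12d3-a456-556642440000"; // `keyId` from account_info.json
    long now = System.currentTimeMillis(); // milliseconds since the Unix epoch
    Algorithm algorithm = Algorithm.ES256(null, privateKey); // the public key is only needed for verification
    String signedJwt = JWT.create()
        .withKeyId(keyId) // `kid`
        .withIssuer("NEW_PARTNER") // `iss`
        .withIssuedAt(new Date(now)) // `iat`
        .withExpiresAt(new Date(now + 3600 * 1000L)) // `exp`, at most 1 hour after `iat`
        .sign(algorithm);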
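
The same three steps using only the built-in Node.js crypto module, plus a local check of the result against the public key. This is an added example, not part of the original page or of any partner SDK; the function names and the 300-second default lifetime are assumptions, and the key pair is a throwaway one generated as a constructed stand-in for account_info.json.

```javascript
const crypto = require('crypto');

// Constructed stand-in for account_info.json: a throwaway P-256 key pair generated
// here so the example runs offline. In production, inject the real file at runtime.
function sampleAccountInfo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    keyId: '123e4567-e89b-12d3-a456-556642440000',
    issuer: 'NEW_PARTNER',
    privateKey: privateKey.export({ type: 'pkcs8', format: 'pem' }),
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

const b64url = (v) => Buffer.from(v).toString('base64url');
const MAX_VALIDITY_SECONDS = 3600; // tokens with exp - iat above 1 hour are rejected

// Steps 2 and 3: build the header and payload, then sign with ES256.
function createToken(account, ttlSeconds = 300, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > MAX_VALIDITY_SECONDS) {
    throw new RangeError(`ttlSeconds must be between 1 and ${MAX_VALIDITY_SECONDS}`);
  }
  const header = { alg: 'ES256', typ: 'JWT', kid: account.keyId };
  const payload = { iss: account.issuer, iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  // JWS ES256 uses the raw 64-byte r||s signature (ieee-p1363), not ASN.1 DER.
  const signature = crypto.sign('sha256', Buffer.from(signingInput),
    { key: account.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Local pre-flight check using the public key from the same file.
function checkToken(token, account) {
  const [h, p, s] = token.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  const payload = JSON.parse(Buffer.from(p, 'base64url'));
  const signatureOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: account.publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return {
    signatureOk,
    headerOk: header.alg === 'ES256' && header.kid === account.keyId,
    issuerOk: payload.iss === account.issuer,
    validityOk: payload.exp > payload.iat && payload.exp - payload.iat <= MAX_VALIDITY_SECONDS,
  };
}
```

A short lifetime such as the 300-second default limits how long a leaked token stays usable; the 1-hour figure is the maximum the service accepts, not a recommended value.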

...