Question

4
Replies
250
Views
TerenceY0215 Member since 2016 27 posts
Bank of Nova Scotia
Posted: 1 year ago
Last activity: 9 months 1 week ago

Ability to control how pxGenerateJWT put in the header

According to Pega Help:

https://community.pega.com/sites/default/files/help_v82/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-token/generation.htm#Generation_tab_on_the_Token_Profile_form

alg – The used JWS algorithm, which is in the Security section, on the Generation tab.
cty – The content type is populated by default as application/json.
typ – The type is always JWT.
kid – The Key ID is a unique ID generated by the JWT runtime for each token generated.
crit – Headers that are marked as critical on the Generation tab.

Kid is generated every time using pxGenerateJWT. In the example that we have, this is the Header that got generated:

{
"kid": "4a08b9920940f25110d0b49bf937e855",
"cty": "application/json",
"typ": "JWT",
"alg": "RS256"
}

We need to create a JWT to send to a service in order to obtain a token that will be used in calling other services. According to the service provider, their definition of kid is as follows:

  • KID is the public key thumbprint. It is generated by the toolkit (nimbus) we use to generate/validate assertions.

The service provider also considers the KID header parameter optional. We have tested with a hand-crafted JWT created using jwt.io, and have confirmed that the KID header parameter made a difference. And the service provider accepts the JWT without KID in the header.

We would like to find out the steps to achieve at least one of the following:

1) Generate KID based on the public key thumbprint

2) Allow the developer to decide how KID is generated

3) Suppress the generation of KID altogether

***Edited by Moderator Marissa to update SR Details***

Data Integration SR Exists
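
For reference, an added example (not part of the original post and not Pega code) of deriving a `kid` from a public key thumbprint with only the JDK. It assumes the provider's "public key thumbprint" means the RFC 7638 SHA-256 JWK thumbprint, which should be confirmed with the provider; the class name `KidFromThumbprint` and the generated key are constructed for the demo.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class KidFromThumbprint {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Base64url of the unsigned big-endian magnitude. BigInteger.toByteArray()
    // prepends a 0x00 sign byte when the top bit is set; it must be dropped
    // or the thumbprint will not match the one the verifier computes.
    static String b64urlUnsigned(BigInteger v) {
        byte[] b = v.toByteArray();
        if (b.length > 1 && b[0] == 0) {
            b = Arrays.copyOfRange(b, 1, b.length);
        }
        return B64URL.encodeToString(b);
    }

    // RFC 7638: SHA-256 over the required members only, in lexicographic
    // order (e, kty, n), with no whitespace.
    static String rsaThumbprint(RSAPublicKey key) throws Exception {
        String canonical = "{\"e\":\"" + b64urlUnsigned(key.getPublicExponent())
                + "\",\"kty\":\"RSA\",\"n\":\"" + b64urlUnsigned(key.getModulus()) + "\"}";
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(canonical.getBytes(StandardCharsets.UTF_8));
        return B64URL.encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key for the demo; in practice load the public key that
        // pairs with the signing key registered with the service provider.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();

        String kid = rsaThumbprint(pub);
        String header = "{\"kid\":\"" + kid + "\",\"typ\":\"JWT\",\"alg\":\"RS256\"}";
        System.out.println("kid:    " + kid);
        System.out.println("header: " + header);
        System.out.println("b64url: " + B64URL.encodeToString(header.getBytes(StandardCharsets.UTF_8)));
    }
}
```

A thumbprint-derived `kid` is stable for a given key, unlike a per-token identifier, so the receiving side can use it to select the verification key.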