Question
3
Replies
817
Views
Posted: June 1, 2018
Last activity: February 11, 2019
Closed
Need to use HS256 algorithm for sign with Jason Web Token (JWT)
Hi,
We need to integrate with external system from Pega 7.3.1 using Jason Web Token (JWT). In Pega Token Profile (DATA-ADMIN-SECURITY-TOKEN) instance, we can only select asymmetric algorithm attached below:
Customer's requirement is HS256 - that is one of a symmetric algorithm and that is a must. Is it possible to easily make it available? If it is not provided out-of-the-box, I need to know how we can custom build. Please let me know.
Thanks,
You may try writing a custom java code in pyInvokeRest connector and implement the HS256 API’s from https://connect2id.com/products/nimbus-jose-jwt .
JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256),
new Payload("Hello, world!"));
// We need a 256-bit key for HS256 which must be pre-shared
byte[] sharedKey = new byte[32];
new SecureRandom().nextBytes(sharedKey);
// Apply the HMAC to the JWS object
jwsObject.sign(new MACSigner(sharedKey));
// Output to URL-safe format
jwsObject.serialize();
Thanks,
Arun