-
Notifications
You must be signed in to change notification settings - Fork 6
Partner Organization : Onboarding API consumer & generating JWT token
Following details should be provided for onboarding API consumer for partner organisation
- Identifier for partner organisation (iss)
Example: apekx - RSA public key
Note: The consumer for partner organisation will be on-boarded with following API consumer groups
["echoUser", "orgAdmin", "orgUser", "userAdmin", "publicUser"]
To create a brand new pair of public/private keys, you can run the following command:
$ openssl genrsa -out private.pem 2048This private key must be kept secret. To generate a public key corresponding to the private key, execute:
$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
If you run the commands above, the public key will be written in public.pem, while the private key will be written in private.pem
Below steps demonstrate using a online JWT token generator. You could follow the guidelines below to to generate JWT tokes using JWT libraries available in your platform's programming language.
- Go to https://jwt.io/
- Select algorithm as
RS256. The header would be
{
"alg": "RS256",
"typ": "JWT"
}
- Ensure payload has following fields. Example: If identifier for partner organisation (iss) is
apekxpayoad would be
{
"iss": "apekx"
}
- Generate the JWT signature using
RSASHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
<content of your public key>,
<content of your private key>
)
- JWT token will be
base64UrlEncode(header) + "." + base64UrlEncode(payload) + signature_generated_in_above_stesp
Note: In jwt.io this token is shown in left side pane
The token generated in above step should be sent in Authorization header of the request with value Bearer <token>. Example curl request
curl -H "Authorization: Bearer <token>" https://dev.open-sunbird.org/api/echo/hello