...
The JWT's header, payload, and signature are concatenated with periods. As a result, a JWT typically takes the following this form:
Code Block |
---|
{Base64url encoded header}.{Base64url encoded payload}.{Base64url encoded signature} |
...
The JWT header consists of two fields that indicate the signing algorithm and token type. Both fields are mandatory, and each field has only one value. ClearBlade IoT Core supports the following these signing algorithms:
JWT
RS256
(RSASSA-PKCS1-v1_5 using SHA-256 RFC 7518 sec 3.3). This is expressed asRS256
in thealg
field in the JWT header.JWT
ES256
(ECDSA using P-256 and SHA-256 RFC 7518 sec 3.4), defined in OpenSSL as the prime256v1 curve. This is expressed asES256
in thealg
field in the JWT header.
...
The JSON Web Signature (JWS) specification guides the mechanics of generating the JWT signature. The signature’s input is the following this content’s byte array:
Code Block |
---|
{Base64url encoded header}.{Base64url encoded claim set} |
To compute the signature, sign the base64url-encoded header, base64-url encoded claim set, and a secret key (such as a rsa_private.pem
file) using the algorithm you defined in the header. The signature is then base64url-encoded, and the result is the JWT. The following This example shows a JWT before base64url encoding:
...
After the final encoding, the JWT looks like the followingthis:
Code Block |
---|
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJteS1wcm9qZWN0IiwiZXhwIjoxNTA5NjUwODAxLCJpYXQiOjE1MDk2NTQ0MDF9.F4iKO0R0wvHkpCcQoyrYttdGxE5FLAgDhbTJQLEHIBPsbL2WkLxXB9IGbDESn9rE7oxn89PJFRtcLn7kJwvdQkQcsPxn2RQorvDAnvAi1w3k8gpxYWo2DYJlnsi7mxXDqSUCNm1UCLRCW68ssYJxYLSg7B1xGMgDADGyYPaIx1EdN4dDbh-WeDyLLa7a8iWVBXdbmy1H3fEuiAyxiZpk2ll7DcQ6ryyMrU2XadwEr9PDqbLe5SrlaJsQbFi8RIdlQJSo_DZGOoAlA5bYTDYXb-skm7qvoaH5uMtOUb0rjijYuuxhNZvZDaBerEaxgmmlO0nQgtn12KVKjmKlisG79Q |
...