on 10-15-2018 7:10 PM
Hi All experts
Need Help in decryption the JWT token in sap hci ,We have scenario in Which the third part system is passing the JWT token which we need to capture in hci and decrypt that token so we can fetch the details of the customer ID from that token .
As i am new to the JWT token Concept in Hci need assistance for this scenario
Thanks
ravikanth
Hi Ravikant,
this depends mainly on the type of JWT you are using. I am not to familar with JWT so maybe s.o. can correct me if I made a mistake.
With HS256 you have a secret that you share with the server. Let the token be:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
So you have
<header in Base64>.<payload in Base 64>.<SHA256(<header in Base64>.<payload in Base 64>.<the secret (might be Base 64)>
So to veryfy this take everything before the second dot, add .<yoursecret> and hash it with SHA256. It should be the same as whats behind the last dot.
Another option is to use RS256 and here I need help too. In my understanding you take the Base64 coded header.payload and use the public key of the server to encrypt it. This should be the same as the signatire behind the last dot. Does anyone know how to do this in the SAP Cloud Platform Integration? We have a pgp module but I think this is not the right way.
Anyone with an answer?
Regards,
Dominic
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.