cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to decrypt the JWT Token In SAP HCI

itsravi
Explorer

on ‎10-15-2018 7:10 PM

Hi All experts

Need Help in decryption the JWT token in sap hci ,We have scenario in Which the third part system is passing the JWT token which we need to capture in hci and decrypt that token so we can fetch the details of the customer ID from that token .

As i am new to the JWT token Concept in Hci need assistance for this scenario

Thanks

ravikanth

jwt-sample-token.png

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

dominic4
Active Participant
‎10-25-2018 8:50 AM
0 Kudos

Hi Ravikant,


this depends mainly on the type of JWT you are using. I am not to familar with JWT so maybe s.o. can correct me if I made a mistake.


With HS256 you have a secret that you share with the server. Let the token be:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

So you have

<header in Base64>.<payload in Base 64>.<SHA256(<header in Base64>.<payload in Base 64>.<the secret (might be Base 64)>

So to veryfy this take everything before the second dot, add .<yoursecret> and hash it with SHA256. It should be the same as whats behind the last dot.

Another option is to use RS256 and here I need help too. In my understanding you take the Base64 coded header.payload and use the public key of the server to encrypt it. This should be the same as the signatire behind the last dot. Does anyone know how to do this in the SAP Cloud Platform Integration? We have a pgp module but I think this is not the right way.

Anyone with an answer?


Regards,

Dominic


Show replies
Show replies
Ask a Question