I'm trying to manually generate JWT in Java without using libs, but the returned JWT is not being validated by the link web application.
```java
public String authenticateUser(String body) {
    try {
        String key = "teste-de-chave-hahaha";
        String header;
        String payload;
        String signature;
        //#################################
        HashMap<String, String> hashHeader = new HashMap<String, String>();
        hashHeader.put("typ", "JWT");
        hashHeader.put("alg", "HS256");
        System.out.println("hashHeader = " + hashHeader);
        JSONObject json = new JSONObject(hashHeader);
        System.out.println("hashHeader json = " + json);
        header = this.getBase64Parsed(json.toString());
        System.out.println("hashHeader json Base64 = " + header);
        //#################################
        HashMap<String, String> hashPayload = new HashMap<String, String>();
        hashPayload.put("iss", "sct.infogruposi.com");
        hashPayload.put("username", "brunokchimbo");
        hashPayload.put("email", "[email protected]");
        hashPayload.put("acl", "Administrador");
        System.out.println("hashPayload = " + hashPayload);
        json = new JSONObject(hashPayload);
        System.out.println("hashPayload json = " + json);
        payload = this.getBase64Parsed(json.toString());
        System.out.println("hashPayload json Base64 = " + payload);
        //#################################
        String token = header + "." + payload;
        String chave = this.getHmacSHA256Encrypted(token, key);
        System.out.println("signature hashHmacSHA256 = " + chave);
        signature = this.getBase64Parsed(chave);
        System.out.println("signature hashHmacSHA256 Base64 = " + signature);
        //#################################
        token = token + "." + signature;
        System.out.println("token completo = " + token);
        return token;
    } catch(Exception ex) {
        ex.printStackTrace();
    } finally {
        return Response.status(Response.Status.FORBIDDEN).build().toString();
    }
}

public String getHmacSHA256Encrypted(String value, String key) {
    return HmacUtils.hmacSha1Hex(key, value);
}

public String getBase64Parsed(String msg) {
    return Base64.getEncoder().withoutPadding().encodeToString(msg.getBytes());
}
```
This code generates JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzY3QuaW5mb2dydXBvc2kuY29tIiwiYWNsIjoiQWRtaW5pc3RyYWRvciIsImVtYWlsIjoiYnJ1bm9rY2hpbWJvQGhvdG1haWwuY29tIiwidXNlcm5hbWUiOiJicnVub2tjaGltYm8ifQ.MmIwOGIxYTliM2Q4NjZhYjc1YmY1N2M4NjJmNTM0YmUzOWQ5NDJkYw
The procedure I'm doing is:
When performing this procedure with the information preloaded on the site, by default a message appears below stating that the key is valid, but when performing the procedure with the information generated by my Java code, the signature is invalid.
What is the correct way to generate JWT?
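As an added example (not part of the original post), this is HS256 signing and verification with JDK classes only: the signature is the raw HMAC-SHA256 bytes over `header.payload`, and all three segments are base64url-encoded without padding. The class name `Hs256JwtExample` and the two-claim payload are constructed for illustration; the key string is the one from the post.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256JwtExample {
    // JWS uses the URL-safe alphabet ('-' and '_') with the '=' padding removed.
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Returns the raw 32-byte MAC; encoding it as hex text first changes the signature.
    static byte[] hmacSha256(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(String headerJson, String payloadJson, byte[] key) throws Exception {
        String signingInput = B64URL.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + B64URL.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64URL.encodeToString(hmacSha256(signingInput, key));
    }

    // The algorithm is fixed to HS256 here and never taken from the token header.
    // The MAC is recomputed over the first two segments and compared in constant time.
    static boolean verify(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            return MessageDigest.isEqual(hmacSha256(parts[0] + "." + parts[1], key), presented);
        } catch (IllegalArgumentException e) {
            return false; // signature segment is not valid base64url
        }
    }

    public static void main(String[] args) throws Exception {
        // Key from the post (21 bytes); RFC 7518 requires at least 256 bits for HS256.
        byte[] key = "teste-de-chave-hahaha".getBytes(StandardCharsets.UTF_8);
        String header = "{\"typ\":\"JWT\",\"alg\":\"HS256\"}";
        String payload = "{\"iss\":\"sct.infogruposi.com\",\"username\":\"brunokchimbo\"}"; // constructed
        String token = sign(header, payload, key);
        System.out.println(token);
        System.out.println("valid token verifies: " + verify(token, key));
        String other = B64URL.encodeToString("{\"username\":\"other\"}".getBytes(StandardCharsets.UTF_8));
        String[] p = token.split("\\.");
        System.out.println("altered payload verifies: " + verify(p[0] + "." + other + "." + p[2], key));
    }
}
```

The signature segment of the token shown in the post decodes to 40 hexadecimal characters, which is the hex text of a SHA-1-sized digest rather than a 32-byte HMAC-SHA256 value, so a verifier such as `verify` rejects it.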