
This document describes how to create a very simple JWT signed with a common symmetric algorithm (HS256) using the GeneXusJWT module.

//Decoded header and payload of the token that the code below builds.
//An HS256 token is signed, not encrypted: these values are readable by anyone who holds the token.
//******HEADER******//
//{
//  "alg": "HS256",
//  "typ": "JWT"
//}
//******PAYLOAD******//
//{
//  "jti": "0696bb20-6223-4a1c-9ebf-e15c74387b9c",
//  "iss": "example.com",
//  "exp": 1909649720,
//  "company": "Example"
//}

//Obtain a random hexadecimal key for the symmetric algorithm used here (HS256).
//HS256 is an HMAC-SHA256 signature, not an encryption algorithm: the same key signs and verifies the token,
//so every party that can verify a token can also issue one, and the key must be stored and shared as a secret.
//NOTE(review): the 256 argument is presumably the key length in bits - confirm against the SymmetricKeyGenerator documentation.
&symmetricKey = &SymmetricKeyGenerator.DoGenerateKey(SymmetricKeyType.GENERICRANDOM, 256)

//Adding the iss claim, which is a registered claim.
//Registered claims are not mandatory, therefore they are added on the JWTOptions SDT
//Documentation: https://wiki.genexus.com/commwiki/servlet/wiki?43983,JWT+Optional+Data
//For more information about JWT claim types https://wiki.genexus.com/commwiki/servlet/wiki?43981,JSON+Web+Token+Standard+%28JWT%29
&JWTOptions.AddRegisteredClaim(RegisteredClaim.iss, "example.com")

//Adding the exp claim, a registered claim that is validated against time.
//Therefore AddCustomTimeValidationClaim is the method to use, with the time in the "yyyy/MM/dd HH:mm:ss" picture.
//2030/07/07 10:15:20 read as UTC is the 1909649720 shown in the payload above.
//NOTE(review): the third argument ("0") looks like an allowed clock tolerance in seconds - confirm in the JWT Optional Data documentation.
//The far-future date only keeps the sample valid; a token used as a credential normally gets a short lifetime.
&JWTOptions.AddCustomTimeValidationClaim(RegisteredClaim.exp, "2030/07/07 10:15:20", "0")
//Adding the jti claim (token identifier), also a registered claim.
//It is hard-coded for the example; jti is meant to be unique per issued token.
&JWTOptions.AddRegisteredClaim(RegisteredClaim.jti, "0696bb20-6223-4a1c-9ebf-e15c74387b9c")
//Adding the key to use for the signature
&JWTOptions.SetSecret(&symmetricKey)

//"company" is not a registered claim, so it is set on the private claims object
&PrivateClaims.SetClaim("company","Example")

//Use DoCreate to sign and encode the token
//Documentation: https://wiki.genexus.com/commwiki/servlet/wiki?43989,JWT+Creator
&token = &JWTCreator.DoCreate(JWTAlgorithm.HS256, &PrivateClaims, &JWTOptions)

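//DoCreate reports failures through the JWTCreator error state, so check it before using &token
if &JWTCreator.HasError()
    msg("Error on creation: Code: " + &JWTCreator.GetErrorCode() + " Description: " + &JWTCreator.GetErrorDescription(), status)
else
    msg("Correctly generated", status)

    //Demo output only: the encoded token is a bearer credential, so outside a sample it should not be written to messages or logs
    msg("Base 64 token: " + &token, status)

    //The JWTCreator object also has functions to obtain the header and the payload from the encoded token in plain text.
    //These calls take only the token: the content of an HS256 token is signed but not hidden, so claims must not carry secrets.
    //NOTE(review): GetHeader/GetPayload presumably decode without checking the signature - rely on the claims only after DoVerify succeeds.

    &header = &JWTCreator.GetHeader(&token)

    msg("Token header: " + &header, status)

    &payload = &JWTCreator.GetPayload(&token)

    msg("Token payload: " + &payload, status)

    &verification = &JWTCreator.DoVerify(&token, JWTAlgorithm.HS256, &PrivateClaims, &JWTOptions)
    //This verification method verifies the received token against the key and claims provided, not just the signature
    //If the token was changed in any way it will fail
    //When the above verification fails it will return false, as for any other type of error,
    //so the returned value is checked as well as the error state before reporting success
    if &JWTCreator.HasError()
        //This branch reports a verification failure, not a creation failure
        msg("Error on verification: Code: " + &JWTCreator.GetErrorCode() + " Description: " + &JWTCreator.GetErrorDescription(), status)
    else
        if &verification = true
            msg("Correctly verified. Result: " + &verification.ToString(), status)
        else
            //Never report a token as verified when DoVerify returned false
            msg("Verification failed. Result: " + &verification.ToString(), status)
        endif
    endif

endif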

