
@watahani
Created August 10, 2020 08:49

JWT-Bearer for Azure AD

https://docs.microsoft.com/ja-jp/azure/active-directory/develop/active-directory-certificate-credentials

  • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
  • client_assertion: eyJ...

Client Assertion

{
  "alg": "RS256",
  "typ": "JWT",
  "x5t": "gx8tGysyjcRqKjFPnd7RFwvwZI0" // base64url-encoded SHA-1 hash (thumbprint) of the certificate
}
.
{
  "aud": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/token", // should be the token endpoint
  "exp": 1484593341,
  "iss": "97e0a5b7-d745-40b6-94fe-5f77d35c6e05", //client_id
  "jti": "22b3bb26-e046-42df-9c96-65dbd72c1c81", //guid
  "nbf": 1484592741,
  "sub": "97e0a5b7-d745-40b6-94fe-5f77d35c6e05" //client_id
}
.
"Gh95kHCOEGq5E_ArMBbDXhwKR577scxYaoJ1P{a lot of characters here}KKJDEg" // signature

Notes

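# Convert-HexToBytes and Convert-BytesToBase64Url are helper functions that are not defined in these notes.
# x5t from a certificate file: SHA-1 fingerprint -> bytes -> base64url
$fp = openssl x509 -noout -in .\selfsigned.cer -fingerprint
,($fp.Split('=')[1] | Convert-HexToBytes) | Convert-BytesToBase64Url
# x5t from a certificate in the current user's store ('thumb' is a placeholder for the thumbprint)
$cert = Get-ChildItem Cert:\CurrentUser\My | ? { $_.Thumbprint -eq 'thumb' }
,$cert.GetCertHash("SHA1") | Convert-BytesToBase64Url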
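The notes above only derive `x5t` and rely on helpers that are not shown. As an added example (not part of the original gist), the following PowerShell builds and signs the whole client assertion. The helper bodies, the function name `New-ClientAssertion` and the throwaway self-signed certificate are assumptions; the client ID and token endpoint are the sample values from the claims above.

```powershell
# Added example. Helper names follow the notes above; their bodies are assumptions.
function Convert-HexToBytes {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Hex)
    process {
        # Drop separators such as ':' and convert each hex pair to one byte.
        ($Hex -replace '[^0-9A-Fa-f]', '') -split '(..)' -ne '' |
            ForEach-Object { [Convert]::ToByte($_, 16) }
    }
}
function Convert-BytesToBase64Url {
    param([Parameter(Mandatory, ValueFromPipeline)][byte[]]$Bytes)
    process { [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
}
function New-ClientAssertion {   # hypothetical name
    param(
        [Parameter(Mandatory)][Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$TokenEndpoint,
        [int]$LifetimeSeconds = 600   # same exp - nbf window as the sample claims
    )
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    # x5t = base64url(SHA-1 hash of the certificate); GetCertHash() returns that hash.
    $header = [ordered]@{ alg = 'RS256'; typ = 'JWT'; x5t = (,$Certificate.GetCertHash() | Convert-BytesToBase64Url) }
    $claims = [ordered]@{
        aud = $TokenEndpoint; exp = $now + $LifetimeSeconds; iss = $ClientId
        jti = [guid]::NewGuid().ToString(); nbf = $now; sub = $ClientId
    }
    $utf8 = [Text.Encoding]::UTF8
    $signingInput = (($header, $claims) | ForEach-Object {
        ,$utf8.GetBytes(($_ | ConvertTo-Json -Compress)) | Convert-BytesToBase64Url
    }) -join '.'
    $rsa = [Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    $sig = $rsa.SignData($utf8.GetBytes($signingInput),
        [Security.Cryptography.HashAlgorithmName]::SHA256, [Security.Cryptography.RSASignaturePadding]::Pkcs1)
    "$signingInput." + (,$sig | Convert-BytesToBase64Url)
}

# Constructed throwaway key pair and self-signed certificate, so no certificate store is needed.
$key  = [Security.Cryptography.RSA]::Create(2048)
$req  = [Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-example', $key,
    [Security.Cryptography.HashAlgorithmName]::SHA256, [Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
# The hex thumbprint route from the notes yields the same x5t as GetCertHash().
,($cert.Thumbprint | Convert-HexToBytes) | Convert-BytesToBase64Url
# client_id and token endpoint are the sample values shown in the claims above.
New-ClientAssertion -Certificate $cert -ClientId '97e0a5b7-d745-40b6-94fe-5f77d35c6e05' `
    -TokenEndpoint 'https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/token'
```

The last line of output is the value to send as `client_assertion`; the certificate's public part must be registered on the application for the signature to be accepted.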

C# Sample

https://gist.github.com/watahani/f09e17bae35730af5a3729952fe29d74
