@xu-li
Created August 21, 2020 09:19
Mulesoft OAuth using JWT
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:crypto="http://www.mulesoft.org/schema/mule/crypto" xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/crypto http://www.mulesoft.org/schema/mule/crypto/current/mule-crypto.xsd">

    <!-- Keystore that holds the RSA signing key. Path, passwords and alias are injected from properties, not hard-coded here. -->
    <crypto:jce-config name="OAuth_JWT_Crypto_Jce" doc:name="Crypto Jce" doc:id="b819382e-9ed7-4a23-b7e3-4886afa0b7ed" keystore="${jwt.keystore.path}" password="${jwt.keystore.password}" >
        <crypto:jce-key-infos >
            <crypto:jce-asymmetric-key-info keyId="${jwt.keystore.alias.id}" alias="${jwt.keystore.alias.name}" password="${jwt.keystore.alias.password}" />
        </crypto:jce-key-infos>
    </crypto:jce-config>

    <flow name="oauth-using-jwtFlow" doc:id="8b0389da-196c-4881-923c-ce1d26d9e993" >
        <http:listener doc:name="/oauth/jwt" doc:id="d9c4ac55-00a5-4b13-9af3-8eb33d6eda17" config-ref="HTTP_Listener_config" path="/oauth/jwt"/>

        <!-- JOSE header: RS256 is SHA256withRSA below -->
        <set-variable value='{"alg":"RS256","typ":"JWT"}' doc:name="Set JWT header" doc:id="9289b966-7055-4a46-ae60-d517d6900074" variableName="header"/>

        <!-- Claims set: iat is the current time in seconds since the epoch, exp is iat plus the configured lifetime (seconds) -->
        <set-variable value="#[%dw 2.0
            var ts = now() as Number
            var body = {
                iss: p(&quot;jwt.body.iss&quot;),
                sub: p(&quot;jwt.body.sub&quot;),
                iat: ts,
                exp: ts + (p(&quot;jwt.body.exp&quot;) as Number),
                aud: p(&quot;jwt.body.aud&quot;),
                scope: p(&quot;jwt.body.scope&quot;)
            }
            output text/plain
            ---
            '{&quot;iss&quot;:&quot;$(body.iss)&quot;,&quot;sub&quot;:&quot;$(body.sub)&quot;,&quot;iat&quot;:$(body.iat),&quot;exp&quot;:$(body.exp),&quot;aud&quot;:&quot;$(body.aud)&quot;,&quot;scope&quot;:&quot;$(body.scope)&quot;}']" doc:name="Set JWT body" doc:id="b6890529-f311-41a4-9ff5-a59ef960ce11" variableName="body"/>

        <!-- Sign base64url(header).base64url(body). The operation returns the signature as standard base64,
             so targetValue rewrites it to unpadded base64url before storing it in vars.signature -->
        <crypto:jce-sign doc:id="66e5f55b-39e7-401f-aa27-4e90f321b284" config-ref="OAuth_JWT_Crypto_Jce" doc:name='Sign JWT' algorithm="SHA256withRSA" keyId="${jwt.keystore.alias.id}" target="signature" targetValue='#[((payload replace "+" with("-")) replace "/" with("_")) replace "=" with("")]'>
            <crypto:content ><![CDATA[#[%dw 2.0
                import toBase64 from dw::core::Binaries
                // toBase64 yields standard base64; drop the padding and swap the two URL-unsafe characters
                fun toBase64URL(str) =
                    ((toBase64(str as Binary) replace "=" with("")) replace "+" with("-")) replace "/" with("_")
                output binary
                ---
                toBase64URL(vars.header) ++ "." ++ toBase64URL(vars.body)]]]></crypto:content>
        </crypto:jce-sign>

        <!-- Returns the three parts as JSON fields; joining base64url(header), base64url(body) and signature
             with "." gives the compact HEADER.BODY.SIGNATURE serialization -->
        <set-payload value='#[%dw 2.0
            output application/json
            ---
            {
                header: vars.header,
                body: vars.body,
                signature: vars.signature
            }]' doc:name="Output JWT assertion (HEADER.BODY.SIGNATURE)" doc:id="31da59ee-2056-4b26-a2a5-5095468b76ad"/>
    </flow>
</mule>
xu-li commented Aug 21, 2020

Key steps:

  • The JCE Sign operation accepts binary input. Use output binary to format the payload.
  • The result of the JCE Sign operation is a base64 string instead of a base64url string. Replace certain chars in the base64 string with the corresponding base64url chars.
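The flow and the two key steps above, as an added Go example that is not part of the gist: it builds the compact assertion, applies the same base64-to-base64url fix-up that the targetValue expression performs, and adds the consumer-side RS256 check that a token endpoint would run. The key pair, the sample claims and the URL are constructed stand-ins for the ${jwt.*} properties.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// B64ToURL mirrors the flow's targetValue expression: crypto:jce-sign returns
// padded standard base64, but every JWS segment must be unpadded base64url.
func B64ToURL(std string) string {
	return strings.NewReplacer("+", "-", "/", "_", "=", "").Replace(std)
}

// BuildAssertion reproduces the flow end to end (SHA256withRSA is PKCS#1 v1.5
// over SHA-256) and emits the compact HEADER.BODY.SIGNATURE form.
func BuildAssertion(priv *rsa.PrivateKey, header, body string) (string, error) {
	input := base64.RawURLEncoding.EncodeToString([]byte(header)) + "." + base64.RawURLEncoding.EncodeToString([]byte(body))
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	if err != nil {
		return "", err
	}
	return input + "." + B64ToURL(base64.StdEncoding.EncodeToString(sig)), nil
}

// VerifyRS256 is the consumer side: re-hash the first two segments and check the
// third against the issuer's public key. Tampered claims, a wrong key, or a
// signature left in standard base64 ('+', '/' or '=' present) are all rejected.
func VerifyRS256(pub *rsa.PublicKey, token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return fmt.Errorf("signature is not base64url: %w", err)
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() { // constructed sample claims stand in for the ${jwt.body.*} properties
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tok, _ := BuildAssertion(priv, `{"alg":"RS256","typ":"JWT"}`, `{"iss":"client-1","sub":"client-1","iat":1597999160,"exp":1597999460,"aud":"https://idp.example/token","scope":"read"}`)
	fmt.Println(tok, VerifyRS256(&priv.PublicKey, tok))
}
```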
