Sample code for generating JWTs to interact with the Vbrick Rev Platform

lukeselden/rev-jwt-gen-sample

 
 

Vbrick Rev Sample JWT Generation

This repository includes sample code to generate JSON Web Tokens (JWT) that can be used to interact with the Vbrick Rev Platform. For more information on using Vbrick Rev JWT for authentication, please refer to https://revdocs.vbrick.com/reference/jwt-authentication


Getting Started

1. Generate a Private Key

The private key must be an RSA key of at least 2048 bits.

# Option 1 - private key via genpkey
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out signing.private.key

# Option 2 - genrsa then convert (if using an older version of openssl)
# The key size is given explicitly because older genrsa defaults are below 2048 bits
openssl genrsa -out tmp.rsa.key 2048
openssl pkcs8 -in tmp.rsa.key -nocrypt -topk8 -out signing.private.key
rm tmp.rsa.key

2. Output Public Key as X.509 Certificate

Rev expects you to provide the corresponding Public Key for your Private Key in X.509 certificate format. This cert can be self-signed and the Subject (CN) is arbitrary, since Rev will only be using the enclosed Public Key for JWT verification. The Public Key must have RSA-OAEP 256 padding (as per JWT/JOSE standards).

Set the validity duration (-days) according to your security policy. Note that the encryption certificate Rev generates is valid for two years, so keys will need to be rotated before that time.

openssl req -x509 -nodes -key signing.private.key -days 730 -subj /CN=rev-jwt-gen -batch -pkeyopt rsa_padding_mode:oaep -out signing.public.pem

3. Configure JWT in Rev

  1. Enable JWT Signing in Rev Admin and click save.
  2. Add the signing certificate in the JWT section and download/copy the resulting encryption certificate.
  3. Use the signing private key and encryption cert when generating JWTs.

Usage

Once configured, JWT authentication can be used to:

NOTE: The sub (subject) value when generating a JWT MUST match the username or email address of a valid Rev user. You can only have one active JWT authentication session for a given named user at a time.

Key Rotation

The encryption certificate that Rev generates is valid for two years. Rev allows having two active signing certificate entries at a time to allow key rotation.

Disclaimer

This sample code is distributed "as is", with no warranty expressed or implied, and no guarantee for accuracy or applicability to your purpose.
