在Java中使用标头，有效负载和签名创建JWT

Question

i want to generate a jwt for a given header, payload and a secret key.

my header;

{ "typ": "JWT", "alg": "HS256" }

my payload;

{ "iss": "46181382", "ist": "project", "iat": 1536225835, "exp": 1536226835, "jti": "abcdefghi" }

my secret key; 105446462291847624638651561dfg156148df941819498

here is my java code, it already create an jwt. but i think the secret key is not get included to it. because once i use that jwt for my header in tokbox api call i get the following response.

 {
"code": -1,
"message": "Invalid signature",
"description": "Invalid signature"
}

here is the code;

    byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("105446462291847624638651561dfg156148df941819498");
    Key signingKey = new SecretKeySpec(apiKeySecretBytes, SignatureAlgorithm.HS256.getJcaName());

    Map map = new HashMap<String,Object>();
    map.put("alg","HS256");
    map.put("typ","JWT");

    String jwt = Jwts.builder()
            .setHeader(map)
            .claim("iss", "46181382")
            .claim("ist", "project")
            .claim("iat", currentTimeSeconds())
            .claim("exp", expireTimeSeconds())
            .claim("jti", "abcdefghi")
            .signWith(SignatureAlgorithm.HS256,signingKey)
            .compact();

currentTimeSeconds() and expireTimeSeconds() are methods written by myself. i am sure there is no issue with them. I am not sure with this .signWith() method.

Could any one please help me.

Thank you.

Answer 1

I found the answer. In the above code the secret key should be given as Base64URL encoded value. it means the first line should change as follows.

byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("MTA1NDQ2NDYyMjkxODQ3NjI0NjM4NjUxNTYxZGZnMTU2MTQ4ZGY5NDE4MTk0OTg=");