Question

Verify JSON Web Tokens (JWT) signed with RSA

1

We publish a REST-service in Mendix, in which we need to verify the Authorization token provided in a HTTP header. This token is a JWT token with SHA-256 RSA signing. The current app store modules only support signing using a secret. @Luiz Rocha already requested this at the FlowFabric module (https://appstore.home.mendix.com/link/app/38385/) and the fork of WebFlight doesn't support it either (https://appstore.home.mendix.com/link/app/106447/). Has somebody experience verifying it using a certificate? Any suggestions how I should implement this (probably in Java)?

asked 2018-05-15

Johan Flikweert - old account

2 answers

Erwin 't Hoen · Answer 1 · 2018-05-15

Johan,

If you're up for it have a look at http://codingstill.com/2016/01/verify-jwt-token-signed-with-rs256-using-the-public-key/ to implement this by your self.

Johan Flikweert - old account · Answer 2 · 2018-08-31

Update on this matter: I implemented custom Java as Erwin proposed. In the meanwhile is the fork of Webflight updated by Menno de Haas and this module now supports certificate signed JWT.