Create JWT using jsonwebtoken package
For your custom JWT provider, you can create a JWT using a package of your choice, one of which is the jsonwebtoken package. Learn more about jsonwebtoken.
Installation
- npm
$ npm i jsonwebtoken
- Yarn
$ yarn add jsonwebtoken
- pnpm
$ pnpm add jsonwebtoken
Generate Private key
- RSA256
Paste the command below in a terminal to generate a new file privateKey.pem with the key details. The generated key will be used to sign the token.
openssl genrsa -out privateKey.pem 2048
Once you have generated the private key, you can derive the public key, which can be used to verify the JWT.
openssl rsa -in privateKey.pem -pubout -out publicKey.pem
- ECDSA
Paste the command below in a terminal to generate a new file ec-secp256k1-privateKey.pem with the key details. The generated key will be used to sign the token. ES256 is defined as ECDSA with the P-256 curve (prime256v1 in OpenSSL) and SHA-256, so the key is generated on that curve.
openssl ecparam -name prime256v1 -genkey -noout -out ec-secp256k1-privateKey.pem
Once you have generated the private key, you can derive the public key, which can be used to verify the JWT.
openssl ec -in ec-secp256k1-privateKey.pem -pubout -out ec-secp256k1-publicKey.pem
Generate JWT
For jsonwebtoken we have documented RSA256 and ECDSA, two of the most popular algorithms used to generate the JWT. For the list of algorithms supported by jsonwebtoken, you can check out their documentation.
Using RSA for JWT Signing
Create an index.js file and paste the code below to generate the JWT using the RSA algorithm.
import jwt from "jsonwebtoken";
import fs from "fs";

// Private key generated with openssl above; it signs the token.
const privateKey = fs.readFileSync("privateKey.pem");

const token = jwt.sign(
  {
    sub: "faj2720i2fdG7NsqznOKrthDvq43", // must be unique to each user
    name: "Mohammad Shahbaz Alam",
    email: "shahbaz@web3auth.io",
    aud: "urn:my-resource-server", // -> to be used in Custom Authentication as JWT Field
    iss: "https://my-authz-server", // -> to be used in Custom Authentication as JWT Field
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + 60 * 60, // expires one hour after issuance
  },
  privateKey,
  { algorithm: "RS256", keyid: "1bb9605c36e69386830202b2d" }, // <-- Replace it with your kid. This has to be present in the JWKS endpoint.
);

console.log(token);
Using ECDSA for JWT Signing
Create an index.js file and paste the code below to generate the JWT using the ECDSA algorithm.
import jwt from "jsonwebtoken";
import fs from "fs";

// EC private key generated with openssl above; it signs the token.
const privateKey = fs.readFileSync("ec-secp256k1-privateKey.pem");

const token = jwt.sign(
  {
    sub: "faj2720i2fdG7NsqzncndijwnKrthDvq43", // must be unique to each user
    name: "Mohammad Shahbaz Alam",
    email: "shahbaz@web3auth.io",
    aud: "urn:my-resource-server", // -> to be used in Custom Authentication as JWT Field
    iss: "https://my-authz-server", // -> to be used in Custom Authentication as JWT Field
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + 60 * 60, // expires one hour after issuance
  },
  privateKey,
  // "ECDSA" is not an algorithm name jsonwebtoken accepts; ES256 is ECDSA with P-256 and SHA-256.
  { algorithm: "ES256", keyid: "1bb9605c36e69386830202b2d" }, // <-- Replace it with your kid. This has to be present in the JWKS endpoint.
);

console.log(token);
Create JWKS
Once you have created the script to sign the JWT, it's time to convert the publicKey.pem file to jwk(s) format. One of the tools you can use to convert it is https://pem2jwk.vercel.app/.
- Select the correct signing algorithm: RS256
- Select Public Key use: Signing
- Key ID: paste-your or leave it blank to generate a random one.
- PEM encoded key: {paste-the-publicKey-pem-file-s-content-here}
- Click on the Convert to JWK button.
To complete the process, you need to save the output as a .json file, host it on your server, and make sure it's publicly accessible. This will give you the JWKS Endpoint, which is required when setting up a Custom JWT Verifier on the Web3Auth Dashboard.
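To check locally that the JWKS you host and the kid set at signing time line up, the following added example (not part of the original page and not Web3Auth's code) uses only Node's built-in crypto module: it converts a PEM public key to a JWKS document and verifies an RS256 token against it with the algorithm pinned. The in-memory key pair, `sample-kid`, the sample claims and the helper names `pemToJwks`, `signRs256` and `verifyWithJwks` are assumptions made for the illustration; `signRs256` stands in for `jwt.sign` so the sample runs without installing packages.

```javascript
// Added example: Node.js built-ins only. Keys, kid and claims below are constructed sample values.
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");
const decode = (segment) => JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));

// Turn a PEM public key into the one-key JWKS document you would host.
function pemToJwks(publicKeyPem, kid) {
  const jwk = crypto.createPublicKey(publicKeyPem).export({ format: "jwk" });
  return { keys: [{ ...jwk, kid, use: "sig", alg: "RS256" }] };
}

// Stand-in for jwt.sign(claims, key, { algorithm: "RS256", keyid }) (hypothetical helper).
function signRs256(claims, privateKey, kid) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT", kid }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Verifier side: pin the algorithm, look the kid up in the JWKS, then check signature and claims.
function verifyWithJwks(token, jwks, { audience, issuer }) {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  const header = decode(h);
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // do not let the token choose
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) throw new Error("kid not found in JWKS");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url")))
    throw new Error("bad signature");
  const claims = decode(p);
  if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) throw new Error("expired");
  if (claims.aud !== audience || claims.iss !== issuer) throw new Error("aud/iss mismatch");
  return claims;
}

// Constructed sample data: a throwaway key pair generated in memory instead of privateKey.pem.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const sampleClaims = { sub: "sample-user-id", aud: "urn:my-resource-server",
  iss: "https://my-authz-server", iat: now, exp: now + 3600 };
const jwks = pemToJwks(publicKey.export({ type: "spki", format: "pem" }), "sample-kid");
const token = signRs256(sampleClaims, privateKey, "sample-kid");

console.log(JSON.stringify(jwks, null, 2));
console.log(verifyWithJwks(token, jwks, { audience: "urn:my-resource-server", issuer: "https://my-authz-server" }));
```

With jsonwebtoken installed, `jwt.verify(token, publicKeyPem, { algorithms: ["RS256"], audience, issuer })` performs the same signature and claim checks.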