REST API to get JWT User Assertion dynamically

Hi,

What we are looking for is a REST API to call to get the JWT token.

Like an endpoint to call with headers, body and private key as attached, or any other way to get the JWT token dynamically.

Is this available, or will we have to come here each time to get the same manually?

Something like below:

HEADER:
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": ""
}
PAYLOAD:
{
  "sub": " ",
  "jti": " ", ---- Any ID
  "iat": 1616667714,
  "exp": 1616807714,
  "iss": " ", ---- Client ID
  "aud": "https://identity.oraclecloud.com/"
}

Thanks!

Hi @ashuotosh.syn,

Welcome to the Community!

Are you looking for the ID Token or an Access Token? ID Tokens are always JWTs; however, Access Tokens can be opaque or a JWT depending on the audience.

The example looks like an Access Token, but it sounds like you are wanting user data.

You can use the Management API’s GET /api/v2/users/{id} endpoint to get user data. In order to make the request, you’ll need to get a Management API Access Token, which you can see how to do here:

This is not what we are looking for. We are looking for some API which can be called with the payload and private key and generate the JWT user assertion token. These are the steps which we do manually from the web UI. Can we join a short call just to explain? This will add much more value to what we have here.

HEADER:
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": ""
}
PAYLOAD:
{
  "sub": " ",
  "jti": " ", ---- Any ID
  "iat": 1616667714,
  "exp": 1616807714,
  "iss": " ", ---- Client ID
  "aud": "https://identity.oraclecloud.com/"
}

Thanks!
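An added example, not part of the original thread and not any vendor's code: an assertion with the header and claims shown above can be built and signed locally, so the private key is never sent to an API. It uses only Node's built-in crypto module; the ephemeral key pair, the kid, client ID and user values, and the 300-second lifetime are assumptions made for the demo.

```javascript
const crypto = require('node:crypto');

// base64url without padding, as JWS compact serialization requires
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Build and sign the assertion locally; the private key never leaves this process.
function signUserAssertion({ privateKey, kid, clientId, user, audience,
                             ttlSeconds = 300, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const payload = { sub: user, jti: crypto.randomUUID(), iat,
                    exp: iat + ttlSeconds, iss: clientId, aud: audience };
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  // RS256 = RSASSA-PKCS1-v1_5 over SHA-256 (Node's default padding for RSA keys)
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + b64url(signature);
}

// Receiver-side check: pin the algorithm, verify the signature, then exp and aud.
// Returns the claims, or null if any check fails.
function verifyUserAssertion(token, publicKey, { audience, now = Date.now() }) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch { return null; }
  if (!header || !claims || header.alg !== 'RS256') return null; // reject "none", HS256, ...
  const ok = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
                           publicKey, Buffer.from(parts[2], 'base64'));
  if (!ok) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
  if (claims.aud !== audience) return null;
  return claims;
}

// Constructed demo values: an ephemeral key pair stands in for the registered key,
// and the kid, client ID and user are placeholders.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoAudience = 'https://identity.oraclecloud.com/';
const demoToken = signUserAssertion({ privateKey: demoKeys.privateKey, kid: 'example-kid',
  clientId: 'example-client-id', user: 'example.user', audience: demoAudience });
console.log(demoToken);
console.log(verifyUserAssertion(demoToken, demoKeys.publicKey, { audience: demoAudience }));
```

In real use the private key would be loaded from protected storage (for example with `crypto.createPrivateKey` on a PEM file) rather than generated at run time.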

If you need to receive an Access Token via API call without a webui or user interaction, then it sounds like you may want to set up a Machine-to-Machine Application and use client credentials flow.

The API request would look like this:

curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data audience=YOUR_API_IDENTIFIER

You can read more about implementing client credentials flow here: