A JWT (JSON Web Token) has to be generated and added to the Token URL, which has the format:
${redirect_uri}?state=${state}&id_token=${jwt_token}
Problem Statement
How to generate the token?
Resolution Path
A JWT typically has three parts in the form xxx.yyy.zzz, where:
- xxx = Header
The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, which in the case of Freshworks is RS256. Here's a sample:
    { "alg": "RS256", "typ": "JWT" }
Then, this JSON is Base64Url encoded to form the first part of the JWT.
- yyy = Payload
The payload contains the data related to the identity along with secure parameters exchanged in JSON format. For example:
    { "sub": "1234567890", "email": "messi@awesomecompany.com", "nonce": "123422" }
The payload is then Base64Url encoded to form the second part of the JSON Web Token.
- zzz = Signature
To create the signature part, you take the encoded header, the encoded payload, and the RSA private key, and sign that. You can generate the RSA key using the following script:
    # generate RSA key
    # (1024-bit RSA is below the 2048-bit minimum in current guidance; use -b 2048 if it is accepted)
    ssh-keygen -t rsa -b 1024 -m PEM -f jwtRS256.key
    # use empty passphrase
    # export the matching public key in PEM format
    openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
Putting it all together, a sample JWT looks like this:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.TCYt5XsITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUcX16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtjPAYuNzVBAh4vGHSrQyHUdBBPM
These are the parameters that may be passed in the payload.
| Param Name | Value Type & Example | Required / Optional | Description |
| sub | String "Messi10" | Required | The ID of the agent in the external system |
| email | String "messi@awesomecompany.com" | Required | The email address of the user who is to be logged in |
| iat | Number 1545894207 | Required | The value must be the number of seconds since the UNIX epoch. A maximum clock drift of 300 seconds is permitted. |
| nonce | String "23456781234" | Required | The nonce passed by Freshworks as part of the login request to mitigate replay attacks. It is a random alphanumeric string. The nonce is valid only for 10 minutes from the time it is issued by FreshID. |
| given_name | String "Leo" | Required | First name or given name of the user |
| family_name | String "Messi" | Required | Last name or family name of the user |
| phone_number | String "1010101010" | Optional | Phone number of the user |
| picture | String "https://bit.ly/Lionel_Messi.jpg" | Optional | Profile picture URL of the user. |
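The steps above put together in Node.js, as an added example that is not Freshworks' own code: it signs the payload with RS256, checks the result the way a receiver would, and builds the Token URL. The function names, the throwaway key pair, and the redirect URI, state and nonce values are assumptions made for the demonstration; in practice the private key is the jwtRS256.key file and the nonce and state come from the login request.

```javascript
const crypto = require('crypto');

// Base64Url without padding, as used for each JWT part.
const b64url = (data) => Buffer.from(data).toString('base64url');

// RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<payload>".
function signJwt(claims, privateKeyPem) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${b64url(signature)}`;
}

// Receiver-side check: pin the algorithm, verify the signature, then read the claims.
function verifyJwt(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString());
    if (header.alg !== 'RS256') return null; // do not accept an alg chosen by the token
    const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKeyPem,
      Buffer.from(s, 'base64url'));
    return valid ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
  } catch (err) {
    return null; // malformed Base64Url or JSON
  }
}

// Token URL in the page's format; query values are percent-encoded.
function buildTokenUrl(redirectUri, state, jwtToken) {
  return `${redirectUri}?state=${encodeURIComponent(state)}&id_token=${encodeURIComponent(jwtToken)}`;
}

// Constructed demo inputs: throwaway key pair, made-up redirect URI, state and nonce.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
});
const claims = {
  sub: 'Messi10', email: 'messi@awesomecompany.com',
  iat: Math.floor(Date.now() / 1000), nonce: '23456781234',
  given_name: 'Leo', family_name: 'Messi',
};
const token = signJwt(claims, privateKey);
console.log(buildTokenUrl('https://sso.example.invalid/callback', 'abc123', token));
console.log(verifyJwt(token, publicKey));
```

The first part of every token this produces is eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9, the same encoded header as in the sample token above.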