-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
71 lines (56 loc) · 2.53 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<script language="JavaScript" type="text/javascript" src="https://kjur.github.io/jsrsasign/jsrsasign-all-min.js"></script>
<title>Google IAP JWT generator and signer</title>
<script language="JavaScript" type="text/javascript">
function _doSign() {
var f = document.form1;
var sClaim = JSON.stringify(_getClaim());
//alert(sClaim);
var pHeader = {'alg': 'RS256', 'typ': 'JWT'};
var sHeader = JSON.stringify(pHeader);
var key = f.key1.value;
sJWS = KJUR.jws.JWS.sign(null, sHeader, sClaim, key);
f.jws1.value = sJWS;
}
function _getClaim() {
var r = {};
r.iat = KJUR.jws.IntDate.get('now');
r.exp = KJUR.jws.IntDate.get('now + 1hour');
if (document.form1.iss1.value != '') r.iss = document.form1.iss1.value;
if (document.form1.sub1.value != '') r.sub = document.form1.sub1.value;
if (document.form1.aud1.value != '') {
var audList = document.form1.aud1.value.split(/,/);
if (audList.length == 1) {
r.aud = audList[0];
} else {
r.aud = audList;
}
}
if (document.form1.target_audience.value != '') r.target_audience = document.form1.target_audience.value;
return r;
}
</script>
</head>
<body>
<h2>Generate and sign JWT for Google IAP (Identity Aware Proxy) online</h2>
<form name="form1">
<b>JWT claim</b><br/>
<span>Issue At Time (iat) is set to now and Expiration Time (exp) is set to now +1hour (1hour is maximum that Google accepts)<\span>
<p>
<input name="aud1" type="text" size="70" value="https://www.googleapis.com/oauth2/v4/token"/> Audience(aud)<br/>
<input name="iss1" type="text" size="70" value=""/> Issuer(iss) - this is client_email field in service account json file, ends with @<project name>.iam.gserviceaccount.com<br/>
<input name="sub1" type="text" size="70" value=""/> Subject(sub) - same as iss above<br/>
<input name="target_audience" type="text" size="70" value=""/> Target Audience - this is OAuth client id configured for the resource to be accessed, ends with apps.googleusercontent.com<br/>
<br/>
<b>Private key</b>
<span>This is private_key field in service account json file (make sure to strip all \n from the key)</span><br/>
<textarea name="key1" cols="70" rows="28"></textarea><br/><br/>
<b>Generate JWT and sign it with RS256 algorithm</b><br/>
<input type="button" value="Sign it!" onClick="_doSign();"/> <br/><br/>
<textarea name="jws1" cols="100" rows="10"></textarea><br/>
<h3>This page uses <a href="https://github.com/kjur">jsrsasign</a> and is based on jsrsasign example for JWT signing.</h3>
</body>
</html>