Hello Everyone,
to receive an access token for a remote API access I need to make a HTTP request including a JWT with HMACSHA256 signing. I’ve done this successfully via Javascript, but for obvious security reasons I want to move this process on the server-side. It would be great to use make.com for it.
I tried to use a simple scenario with creating the header and payload, do to base64URL and signing with the standard sha256() functions providing the key as a plain text. Because make.com does not support the base64URL format it took a while but finally the header and payload is now transformed into the correct form - valided with jwt.io.
The missing part is the signing process. The header+payload needs to be signed with SHA256 and a key. This algorithm is called JWT RS256.
The key is in the form:
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCydaaULZwhJg/9
DD7eMD3fTpsfzR0GRH76k+iVRHmkxHucUEwQDFzP2ME7RTyFo2PJfIdYpyhrDKpR
wxJNrYZaxKENsYgxPjk … and so on.
It hasn’t work at all in make.com so far. And I’ve tried almost everything. I’ve tried to provide the key in different forms, like hex and binary, but I never got a valid signature.
So, the next thing I found was using a Custom Apps for this, because in the documentation JWT - Make Apps there is a RS256 option! This is finally what I need, but how ? How can I provide the secret? It allows me to provide the key in a JSON form only and I can’t get it sign properly.
For any help, inspirations and directions I am very thankful.
Cheers,
Steffen