Discussions
Categories
- 385K All Categories
- 2.5K Data
- 580 Big Data Appliance
- 2K Data Science
- 452K Databases
- 222.3K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 575 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 575 SQLcl
- 4K SQL Developer Data Modeler
- 187.7K SQL & PL/SQL
- 21.5K SQL Developer
- 10 Data Integration
- 10 GoldenGate
- 297.6K Development
- 3 Application Development
- 18 Developer Projects
- 140 Programming Languages
- 294.3K Development Tools
- 118 DevOps
- 3.1K QA/Testing
- 646.3K Java
- 30 Java Learning Subscription
- 37K Database Connectivity
- 185 Java Community Process
- 107 Java 25
- 22.1K Java APIs
- 138.3K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 21 Java Essentials
- 172 Java 8 Questions
- 86K Java Programming
- 82 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 577 LiveLabs
- 41 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 191 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 240 Portuguese
Function for RSA SHA-256 digital signature
Answers
-
I ran the sign function but the result is in hex. The result for JWT token is not in HEX format. It should look something like
I am following this webpage:
What should I do??
Robert
-
That's Base64 encoding.
If it's shorter than 32k you use utl_raw.cast_to_varchar2(utl_encode.base64_encode(utl_raw.cast_to_raw(<INPUT>)));
If it's longer, you'll have to process the chunks. I wrote as package to simplify some of the hassles of Base64 here.
-
declare l_header varchar2(1000); l_payload varchar2(1000); l_sign varchar2(1000); l_token varchar2(1000); function base64URL_encode( p_raw in raw ) return varchar2 is l_rv varchar2(32767); begin l_rv := utl_raw.cast_to_varchar2( utl_encode.base64_encode( p_raw ) ); l_rv := replace( l_rv, '+', '-' ); l_rv := replace( l_rv, '/', '_' ); l_rv := replace( l_rv, chr(10), '' ); l_rv := replace( l_rv, chr(13), '' ); return rtrim( l_rv, '=' ); end; function base64URL_encode( p_txt in varchar2 ) return varchar2 is begin return base64URL_encode( p_raw => utl_raw.cast_to_raw( p_txt ) ); end; begin l_header := base64URL_encode( p_txt => '{"alg":"RS256","typ":"JWT"}' ); l_payload := base64URL_encode( p_txt => '{"sub":"1234567890","name":"John Doe","admin":true,"iat":1516239022}' ); l_sign := base64URL_encode( p_raw => as_crypto.sign( utl_raw.cast_to_raw( l_header || '.' || l_payload ) , utl_raw.cast_to_raw( 'MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvBsaJq7S5wA+kzeVOVpVWw kWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHcaT92whREFpLv9cj5lTeJSibyr/Mr m/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIytvHWTxZYEcXLgAXFuUuaS3uF9gEi NQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0e+lf4s4OxQawWD79J9/5d3Ry0vbV 3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWbV6L11BWkpzGXSW4Hv43qa+GSYOD2 QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9MwIDAQABAoIBACiARq2wkltjtcjs kFvZ7w1JAORHbEufEO1Eu27zOIlqbgyAcAl7q+/1bip4Z/x1IVES84/yTaM8p0go amMhvgry/mS8vNi1BN2SAZEnb/7xSxbflb70bX9RHLJqKnp5GZe2jexw+wyXlwaM +bclUCrh9e1ltH7IvUrRrQnFJfh+is1fRon9Co9Li0GwoN0x0byrrngU8Ak3Y6D9 D8GjQA4Elm94ST3izJv8iCOLSDBmzsPsXfcCUZfmTfZ5DbUDMbMxRnSo3nQeoKGC 0Lj9FkWcfmLcpGlSXTO+Ww1L7EGq+PT3NtRae1FZPwjddQ1/4V905kyQFLamAA5Y lSpE2wkCgYEAy1OPLQcZt4NQnQzPz2SBJqQN2P5u3vXl+zNVKP8w4eBv0vWuJJF+ hkGNnSxXQrTkvDOIUddSKOzHHgSg4nY6K02ecyT0PPm/UZvtRpWrnBjcEVtHEJNp bU9pLD5iZ0J9sbzPU/LxPmuAP2Bs8JmTn6aFRspFrP7W0s1Nmk2jsm0CgYEAyH0X +jpoqxj4efZfkUrg5GbSEhf+dZglf0tTOA5bVg8IYwtmNk/pniLG/zI7c+GlTc9B BwfMr59EzBq/eFMI7+LgXaVUsM/sS4Ry+yeK6SJx/otIMWtDfqxsLD8CPMCRvecC 2Pip4uSgrl0MOebl9XKp57GoaUWRWRHqwV4Y6h8CgYAZhI4mh4qZtnhKjY4TKDjx QYufXSdLAi9v3FxmvchDwOgn4L+PRVdMwDNms2bsL0m5uPn104EzM6w1vzz1zwKz 5pTpPI0OjgWN13Tq8+PKvm/4Ga2MjgOgPWQkslulO/oMcXbPwWC3hcRdr9tcQtn9 Imf9n2spL/6EDFId+Hp/7QKBgAqlWdiXsWckdE1Fn91/NGHsc8syKvjjk1onDcw0 NvVi5vcba9oGdElJX3e9mxqUKMrw7msJJv1MX8LWyMQC5L6YNYHDfbPF1q5L4i8j 8mRex97UVokJQRRA452V2vCO6S5ETgpnad36de3MUxHgCOX3qL382Qx9/THVmbma 3YfRAoGAUxL/Eu5yvMK8SAt/dJK6FedngcM3JEFNplmtLYVLWhkIlNRGDwkg3I5K y18Ae9n7dHVueyslrb6weq7dTkYDi3iOYRW8HRkIQh06wEdbxt0shTzAJvvCQfrB jg/3747WSsf/zBTcHihTRBdAv6OmdhV4/dD5YBfLAkLrd+mX7iE=' ), as_crypto.KEY_TYPE_RSA, as_crypto.SIGN_SHA256_RSA ) ); l_token := l_header || '.' || l_payload || '.' || l_sign; dbms_output.put_line( l_token ); end; -
Thank you ascheffer.
I was able to generate the sign. But I'm still cannot get the JWT from DocuSign. I get the following result for my response to the API:
{"error":"invalid_grant","error_description":"unsupported_grant_type"}
DocuSign states that the grant_type was blank but it wasn't.
So I'm asking are there any Oracle PL/SQL developers who has had experience with DocuSign embedded signature with JWT authentication. My management is ready to pull the plug on this project since it seems that APEX/ PL/SQL does not work well with DocuSign.
Please help me!!!
Robert
-
I suspect that you will get more help if you show the code you have used.
-
Ascheffer,
Here is the code. Hope you can find the resolution. Thanks in advance.
Robert
-
Several things:
- No need to select sysdate from dual, l_iat := round(( SYSDATE - DATE '1970-01-01' ) * 86400 ,0) will do
- I would check the Oracle documentation for ltrim/rtrim if I was you
- you only need a private key for the signing function
- you token is not l_sign, but l_header || '.' || l_payload || '.' || l_sign;
Just a quick check, no guarantee that this is complete.
-
Ascheffer,
I may the changes you suggestion. Please see the attached. I still get the same error. Can you see anything else?
Robert
-
Ascheffer,
Some more information:
body :
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiI4ZWNkNTRkYi0yODUyLTRhZWEtODhhOS03ZmM2ZDhkOTg5OGEiLCJzdWIiOjZlYzc1ZTg0LTYwMWYtNGNhNC05NzE3LTFkZDFlNDBkZDc2ZSwiaWF0IjoxNjE5NDM2MjY3LCJleHAiOjE2MTk0Mzk4NjcsImF1ZCI6ImFjY291bnQtZC5kb2N1c2lnbi5jb20iLCJzY29wZSI6InNpZ25hdHVyZSBpbXBlcnNvbmF0aW9uIn0.FzoxYh3pN2A-Tqx5Tn6J1ps6wWMewtd_3rmTpRm2gmh5poOTUzO8hNpP4dAbeJbUZuwVkCBC3Z6lxyBVCumYCJ8pHMeHLWisX0kamUge-1FPo4iBSlF0pz9gcYYt1TIl5w2VwKpGHmUdekw2Bu3PtenO3frq0xLuQrlEiMG5EarHethNcRV0zo6FD63fplLoWRWuYK6_CDnbmi1qO8WZVyhSHkysstRwF4kDXUle9SF6jmgh1T4zQhJ8DcG7iYZ4mLig3JccCnChVUmaWpC3Ja2ad3CO-sHcERS475wqLu3oa27_P-9P9HOxryTTLglEQgCgHjUOLSj3_Ux2h6jVfQ
header : {"typ":"JWT","alg":"RS256"}
Payload ={"iss":"8ecd54db-2852-4aea-88a9-7fc6d8d9898a","sub":6ec75e84-601f-4ca4-9717-1dd1e40dd76e,"iat":1619436267,"exp":1619439867,"aud":"account-d.docusign.com","scope":"signature impersonation"}
Robert
-
Are you sure you get the same error {"error":"invalid_grant","error_description":"unsupported_grant_type"}?
I get a {"error":"invalid_grant","error_description":"user_not_found"} using your body
Might have something to do with the sub json string value not being surround with ""
But the way, using this forum as a debug service is probably not the fastest way to solve your problems.
