Last active
August 24, 2020 16:32
-
-
Save aricart/4c5be93d3ace0b781731d8b6d831f40b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const { createUser, fromSeed } = require("nkeys.js"); | |
| const te = new TextEncoder(); | |
| const seed = "SAAGNKC24HXG5TD5XKKSWSVFRRKYQGZXF5LCTNXNNWCHO6C4WX3OTDQQNU"; | |
| const a = fromSeed(te.encode(seed)); | |
| const aid = a.getPublicKey(); | |
| const u = createUser(); | |
| const uid = u.getPublicKey(); | |
| const header = { | |
| typ: "jwt", | |
| alg: "ed25519", | |
| }; | |
| const body = { | |
| jti: "someuniqueid", | |
| iss: aid, | |
| sub: uid, | |
| name: "my user", | |
| aud: "NATS", | |
| iat: Math.floor(Date.now() / 1000), | |
| type: "user", | |
| nats: { | |
| bearer_token: true, | |
| pub: { | |
| "allow": ["foo"], | |
| }, | |
| }, | |
| }; | |
| function b64url(b64) { | |
| b64 = b64.replace(/=/g, ""); | |
| b64 = b64.replace(/\+/g, "-"); | |
| return b64.replace(/\//g, "_"); | |
| } | |
| const hstr = b64url(btoa(te.encode(JSON.stringify(header)))); | |
| const bstr = b64url(btoa(te.encode(JSON.stringify(body)))); | |
| // JWT v2 will sign the header and the body... | |
| const sig = b64url(btoa(a.sign(new TextEncoder().encode(bstr)))); | |
| const creds = `-----BEGIN NATS USER JWT----- | |
| ${hstr}.${bstr}.${sig} | |
| ------END NATS USER JWT------ | |
| ************************* IMPORTANT ************************* | |
| NKEY Seed printed below can be used sign and prove identity. | |
| NKEYs are sensitive and should be treated as secrets. | |
| -----BEGIN USER NKEY SEED----- | |
| ${new TextDecoder().decode(u.getSeed())} | |
| ------END USER NKEY SEED------`; | |
| console.log(creds); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment