Created
May 4, 2022 14:50
JWT Authentication Account Service Apex Salesforce
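/**
 * Obtains a Google OAuth 2.0 access token for a service account by building and
 * signing a JWT (RS256) in Apex and exchanging it at the token endpoint with the
 * urn:ietf:params:oauth:grant-type:jwt-bearer grant.
 *
 * The bracketed placeholders ([EMAIL ADDRESS GOES HERE], [URL SCOPE OF GOOGLE API
 * GOES HERE], [KEY GOES HERE]) must be filled in from the service-account JSON key
 * file, whose shape is:
 *
 *   {
 *     "private_key_id": ".....",
 *     "private_key": "-----BEGIN PRIVATE KEY-----[KEY HERE, REMOVE "\n" LINEBREAKS]-----END PRIVATE KEY-----\n",
 *     "client_email": ".....@developer.gserviceaccount.com",
 *     "client_id": "....apps.googleusercontent.com",
 *     "type": "service_account"
 *   }
 *
 * SECURITY: a private key pasted into Apex source is readable by anyone who can
 * view the class or the repository/package it ships in, and it cannot be rotated
 * without a deployment. Prefer keeping the key out of code, e.g. a certificate in
 * Certificate and Key Management used through Crypto.signWithCertificate or
 * Auth.JWS / Auth.JWTBearerTokenExchange, a Named Credential, or a protected
 * custom setting / custom metadata record.
 */
public class JWTAuthAccountService {

    // Token endpoint; also used as the "aud" claim, which must name the endpoint the
    // assertion is sent to. NOTE(review): this is the older accounts.google.com URL;
    // confirm whether the org should move to the current endpoint (the Remote Site
    // Setting has to match whatever is used here).
    private static final String TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token';

    // Lifetime requested for the assertion, in seconds (one hour, as before).
    private static final Long ASSERTION_LIFETIME_SECONDS = 3600;

    /**
     * Builds a signed JWT assertion and exchanges it for an access token.
     *
     * @return the value of the "access_token" field of a 200 response, or the
     *         literal string 'error' when the endpoint answers with any other
     *         status or the field is absent. Callers MUST compare the result with
     *         'error' before using it as a bearer token.
     */
    public String getAccessToken() {
        String headerJson = '{"alg":"RS256","typ":"JWT"}';

        // Take one timestamp so exp is exactly iat + lifetime. exp/iat are written
        // as JSON numbers (NumericDate, RFC 7519), not quoted strings.
        Long issuedAt = Datetime.now().getTime() / 1000;
        Long expiresAt = issuedAt + ASSERTION_LIFETIME_SECONDS;

        String claimSetJson = '{"iss":"[EMAIL ADDRESS GOES HERE]"'
            + ',"scope":"[URL SCOPE OF GOOGLE API GOES HERE]"'
            + ',"aud":"' + TOKEN_ENDPOINT + '"'
            + ',"exp":' + String.valueOf(expiresAt)
            + ',"iat":' + String.valueOf(issuedAt) + '}';

        // The bytes that are signed must be exactly the bytes that are sent:
        // base64url(header) + '.' + base64url(claims). Plain Base64 with only the
        // padding stripped (and a URL-encode pass before signing) produces a
        // signature over different bytes whenever the encoding contains '+' or '/'.
        String signingInput = base64UrlEncode(Blob.valueOf(headerJson))
            + '.' + base64UrlEncode(Blob.valueOf(claimSetJson));

        // Presumably the Base64 body of the PKCS#8 key (text between the BEGIN/END
        // markers, line breaks removed) - see the class comment about not keeping
        // it in source.
        String key = '[KEY GOES HERE]';
        Blob privateKey = EncodingUtil.base64Decode(key);

        Blob signature = Crypto.sign('RSA-SHA256', Blob.valueOf(signingInput), privateKey);
        String jwt = signingInput + '.' + base64UrlEncode(signature);

        String grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';

        HttpRequest req = new HttpRequest();
        req.setEndpoint(TOKEN_ENDPOINT);
        req.setMethod('POST');
        // Header name is "Content-Type"; "ContentType" is not a recognised header.
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setBody('grant_type=' + EncodingUtil.urlEncode(grantType, 'UTF-8')
            + '&assertion=' + EncodingUtil.urlEncode(jwt, 'UTF-8'));

        HttpResponse res = new Http().send(req);
        Integer status = res.getStatusCode();

        if (status != 200) {
            // Only failure bodies are logged: a 200 body contains the bearer token,
            // and debug logs are readable by anyone with log access.
            System.debug(LoggingLevel.WARN,
                'Token request failed, status = ' + status + ', body = ' + res.getBody());
            return 'error';
        }

        System.debug('Token request succeeded, status = ' + status);

        // Scan the response for the first "access_token" field and return its value.
        JSONParser parser = JSON.createParser(res.getBody());
        while (parser.nextToken() != null) {
            if (parser.getCurrentToken() == JSONToken.FIELD_NAME
                    && parser.getText() == 'access_token') {
                parser.nextToken();
                return parser.getText();
            }
        }

        return 'error';
    }

    /**
     * Encodes a blob as base64url without padding (RFC 7515 section 2):
     * '+' becomes '-', '/' becomes '_', trailing '=' characters are dropped.
     */
    private static String base64UrlEncode(Blob input) {
        return EncodingUtil.base64Encode(input)
            .replace('+', '-')
            .replace('/', '_')
            .replaceAll('=+$', '');
    }
}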