JWT RS256 authentication in Xojo

Recently a client asked about JWT signatures. So we created an example project to create and verify JWT RS256 signatures in Xojo. This includes new EncodeBase64URLMBS and DecodeBase64URLMBS functions in MBS Xojo Encryption Plugin. We use SignData function in OpenSSLMBS class to sign the data and later use VerifyData function to verify the signature.

Create Signature

This example code takes values from fields on the window and creates the signature to show it in another field:

[code]Sub Create()
// take values from fields and make sure encoding is right and line endings
Dim Header As String = Self.Header.Text.ConvertEncoding(encodings.UTF8)
Dim Payload As String = Self.Payload.Text.ConvertEncoding(encodings.UTF8)
Dim PrivateKey As String = ReplaceLineEndings(Self.PrivateKey.Text, EndOfLine.UNIX).ConvertEncoding(encodings.UTF8)
Dim Password As String = Self.Password.Text.ConvertEncoding(encodings.UTF8)

// now prepare string to sign
Dim EncodedString As String = EncodeBase64URLMBS(header) + "." + EncodeBase64URLMBS(Payload)

// sign it with RSA key and SHA 256 hash
Dim Signature As String = OpenSSLMBS.SignData(EncodedString, PrivateKey, Password, OpenSSLMBS.kAlgorithmSHA256)

// encode signature
Dim SignatureEncoded As String = EncodeBase64URLMBS(Signature)

// and build JWT RS 256 signature
Dim result As String = EncodedString + "." + SignatureEncoded

output.Text = result

End Sub[/code]

Verify Signature

And the code from the verification button to check the signature:

[code]Sub Verify()
// take values from fields and make sure encoding is right and line endings
Dim PrivateKey As String = ReplaceLineEndings(Self.PrivateKey.Text, EndOfLine.UNIX).ConvertEncoding(encodings.UTF8)
Dim Password As String = Self.Password.Text.ConvertEncoding(encodings.UTF8)

// check if we have a dot in the input.
Dim t As String = output.Text.ConvertEncoding(encodings.UTF8)
Dim p As Integer = InStr(t, ".")

If p = 0 Then
	MsgBox "invalid text?"
	Return
End If

// split JWT into three parts:
Dim Header    As String = NthField(t, ".", 1)
Dim Payload   As String = NthField(t, ".", 2)
Dim Signature As String = NthField(t, ".", 3)

// define the signed portion
Dim EncodedString As String = Header + "." + Payload

// decode all three parts
Signature = DecodeBase64URLMBS(Signature)
Header    = DecodeBase64URLMBS(Header)
Payload   = DecodeBase64URLMBS(Payload)

// verify signature
If OpenSSLMBS.VerifyData(EncodedString, signature, PrivateKey, Password, OpenSSLMBS.kAlgorithmSHA256) Then
	// show the valid data:
	MsgBox header
	MsgBox Payload
Else
	MsgBox "Verification failed."
End If

End Sub[/code]

New functions coming soon for 20.3pr9. Please do not hesitate to contact us with your questions.

As MBS Xojo Plugins 20.3 is available on the website for download, please try the new features!