Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Generate JWT using Google Service Account

Sheela
Level 6

‎26-03-21 11:37 AM

I have to use an API which is Google hosted micro-service.
For authentication, I have to generate a token(JWT) from Google Service Account.
I have Private key Id, Private Key, client email, client id, auth_uri, Token_uri.
Could you please help me how to get token with this details.
Im using version 6.5.1
0 Likes
7 REPLIES 7

ewilson
Staff
Staff

‎26-03-21 01:14 PM

Are you using the Blue Prism Web API service feature to interact with this API? If so, have you tried creating a OAuth2 - JWT credential in Credential Manager with your details and associating that credential with your Web API?

Cheers,

------------------------------
Eric Wilson
Director, Partner Integrations for Digital Exchange
Blue Prism
------------------------------
0 Likes

Sheela
Level 6
In response to ewilson

‎29-03-21 11:11 AM

Hi Eric, 

We need to generate a jwt token from this https://jwt.io/.
Do we have provision to get such token in Blue Prism.

Regards,
Sheela

------------------------------
Sheela Parthasarathy
Assistant Consultant
TCS
Pacific/Apia
------------------------------
0 Likes

ewilson
Staff
Staff
In response to Sheela

‎29-03-21 02:29 PM

Yes, Blue Prism can deal with JWT. The question is, how are you trying to integrate with the Google micro service you mentioned? Are you working with a REST API or are you trying to do this via UI automation? If you're working with a RESTful API, are you using the Blue Prism Web API service feature (System -> Objects -> Web API Services) or are you using some other VBO?

Cheers,

------------------------------
Eric Wilson
Director, Partner Integrations for Digital Exchange
Blue Prism
------------------------------
0 Likes

Sheela
Level 6
In response to ewilson

‎29-03-21 06:06 PM

Hi Eric,
It is REST API and I'm planning to do via Web API Services. But I was not sure how to generate token with details(like kid, sub, aud, exp) and how to pass the generated token in the api call.

Regards,
Sheela

------------------------------
Sheela Parthasarathy
Assistant Consultant
TCS
Pacific/Apia
------------------------------
0 Likes

ewilson
Staff
Staff
In response to Sheela

‎29-03-21 06:58 PM

Ok, if you're going to use the Web API services feature then what you want to do first is create a new entry in System -> Security -> Credentials. Define the credential as type OAuth 2.0 (JWT Bearer Token), fill in the Issuer and Private Key information. Also make sure to set the Access Rights so your Web API service definition will be able to use the credential.

Once you've done this, go to your Web API Service definition and on the Common Authentication page select OAuth 2.0 (JWT Bearer Token) from the Authentication Type dropdown. Fill in Authorization URI. If you happen to have values for Audience, Scope, and/or Subject, fill those in too. In the Credential dropdown, select the name of the credential you created in Credential Manager. That should be it. BP will take care of the details of issuing the auth request whenever you call any action on your Web API service definition.

Cheers,

------------------------------
Eric Wilson
Director, Partner Integrations for Digital Exchange
Blue Prism
------------------------------
0 Likes

Sheela
Level 6
In response to ewilson

‎30-03-21 03:58 PM

Hi Eric,

Thanks for your response.
My authentication is bit different. We are not provided/suppose to use Auth URI.
Can you please refer the section 'Making an authenticated request to an Endpoints API'
in below link, where it generates the token with private key, service account, audience& expiry And passes the token in Header as Authorization: Bearer ${TOKEN}

https://cloud.google.com/endpoints/docs/openapi/service-account-authentication#:~:text=see%20OpenAPI%20extensions.-,Making%20an%20authenticated%20request%20to%20an%20Endpoints%20API,the%20service%20account's%20private%20key.

For testing purpose, API team provided me a jar file to generate token in my windows desktop. 
I generated it manually and copied in WebAPi header as in screenshot attached.
Could you please let me know if it is possible to generate token and pass it as header as above.

------------------------------
Sheela Parthasarathy
Assistant Consultant
TCS
Pacific/Apia
------------------------------
Preview file
13 KB
0 Likes

ewilson
Staff
Staff
In response to Sheela

‎30-03-21 04:59 PM

If you can't use the onboard credential manager and Common Authentication features of Blue Prism, you'll have to use a separate library to generate your JWT's and pass those into your Web API service as an input item. This is basically the same idea as calling the JAR your API team gave you.

To do this you'll have to a VBO with a Code stage that implements the necessary logic. What that looks like will depend on which .NET library you choose to use. There are several listed on the jwt.io site.

Once you have that VBO in place, you'll call it first to generate the JWT and then pass it into the Web API. You could even make the VBO the sole interface and just have it wrap the Web API service interaction, so all you would have to interact with in your process in the VBO.

Cheers,


------------------------------
Eric Wilson
Director, Partner Integrations for Digital Exchange
Blue Prism
------------------------------
0 Likes