JWT support is easy to implement explicitly. We need a configuration idiom for it and a new "auth-method". Auth method should be below client-credentials in priority and only effective if configuration is present for JWT signing.
Post body support will most likely require a flag/config override.
JWT AM POC:
```bash
# AM CLIENT JWT AUTH
# 1. openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# 2. paste cert.pem into Account Manager (per https://documentation.b2c.commercecloud.salesforce.com/DOC1/index.jsp?topic=%2Fcom.demandware.dochelp%2FOCAPI%2Fcurrent%2Fusage%2FOAuth.html)
# 3. key.pem
set -e
CLIENT_ID="..."
TOKEN_URL="https://account.demandware.com:443/dwsso/oauth2/access_token"

# JWT header; transliterate to URL-safe base64 and strip padding and line wraps
# (GNU base64 wraps at 76 columns, which would otherwise split the token)
header=$(cat <<EOF | perl -pe 'chomp if eof' | base64 | tr -- '+/' '-_' | tr -d '=\n'
{
"alg": "RS256",
"typ": "JWT"
}
EOF
)

# the assertion is valid for 60 seconds
now=$(date +%s)
exp=$((now + 60))

# JWT claims: the client is both issuer and subject, the audience is the token endpoint
body=$(cat <<EOF | perl -pe 'chomp if eof' | base64 | tr -- '+/' '-_' | tr -d '=\n'
{
"iss": "${CLIENT_ID}",
"sub": "${CLIENT_ID}",
"aud": "${TOKEN_URL}",
"exp": ${exp}
}
EOF
)

# RS256 signature over "header.body" with the private key from step 1
sig=$(printf '%s' "${header}.${body}" | openssl dgst -sha256 -sign key.pem -binary | base64 | tr -- '+/' '-_' | tr -d '=\n')
JWT="${header}.${body}.${sig}"
echo "$JWT"

# exchange the signed assertion for an access token (client_credentials grant)
ACCESS_TOKEN=$(curl -s -XPOST "${TOKEN_URL}" \
  -d "client_assertion=${JWT}" \
  -d "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer" \
  -d "grant_type=client_credentials" \
  | jq -r .access_token)
echo "Access Token: ${ACCESS_TOKEN}"
```
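A local pre-flight check for the assertion the script builds, as an added example that is not part of the original comment: it verifies the RS256 signature against `cert.pem` and checks `aud` and `exp` before anything is sent. The function names (`b64url_decode`, `claim`, `check_assertion`) are hypothetical, and the `sed`-based claim lookup assumes flat claims JSON like the one the script produces.

```bash
# Added example, not from the original comment. Assumes openssl is on PATH and
# the claims are flat, single-level JSON as produced by the POC script.

# Decode one base64url segment: restore '=' padding and the standard alphabet.
b64url_decode() {
  local s="$1"
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | tr -- '-_' '+/' | openssl base64 -d -A
}

# Pull one claim value (string or number) out of flat JSON: claim JSON NAME
claim() {
  printf '%s' "$1" | tr -d ' \n' | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# check_assertion JWT CERT EXPECTED_AUD -> 0 only if signature, aud and exp all pass
check_assertion() {
  local jwt="$1" cert="$2" want_aud="$3" header rest body sig tmp claims exp rc=0
  header=${jwt%%.*}; rest=${jwt#*.}; body=${rest%%.*}; sig=${rest#*.}
  if [ "$rest" = "$jwt" ] || [ "$sig" = "$rest" ] || [ -z "$sig" ]; then
    echo "malformed JWT: expected header.body.signature" >&2; return 1
  fi
  tmp=$(mktemp -d) || return 1
  openssl x509 -in "$cert" -pubkey -noout > "$tmp/pub.pem" 2>/dev/null
  b64url_decode "$sig" > "$tmp/sig.bin" 2>/dev/null
  # RS256 is RSASSA-PKCS1-v1_5 with SHA-256 over the ASCII string "header.body"
  if ! printf '%s' "${header}.${body}" |
      openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" >/dev/null 2>&1; then
    echo "signature does not verify against ${cert}" >&2; rc=1
  fi
  rm -rf "$tmp"
  claims=$(b64url_decode "$body" 2>/dev/null)
  [ "$(claim "$claims" aud)" = "$want_aud" ] || { echo "aud is not ${want_aud}" >&2; rc=1; }
  exp=$(claim "$claims" exp)
  case "$exp" in ''|*[!0-9]*) exp=0 ;; esac   # missing or non-numeric exp counts as expired
  [ "$exp" -gt "$(date +%s)" ] || { echo "exp ${exp} is not in the future" >&2; rc=1; }
  return $rc
}
```

Calling `check_assertion "$JWT" cert.pem "$TOKEN_URL"` between building the JWT and the `curl` request catches a wrapped or truncated signature, a mismatched key pair, or a stale `exp` locally.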