How to decrypt a private key in pure non-Node Javascript
Hello All,
I need to use BOX integration with JWT authorization. I cannot use BOX SDKs as I want to run my application on ServiceNow platform which supports only javascript.
How should I decrypt the private key in Javascript?
Any help is much appreciated.
Thanks,
Ali
-
Hi ,
Here's an end-to-end guide on how to go through the JWT auth process without the SDKs. There are Node samples throughout the doc which should help.
- Jon
-
Hello ,
I want to implement this in ServiceNow. ServiceNow uses JavaScript for both client and server side scripting. So i need this implementation in JavaScript. I am exactly not sure about earlier version( Which is true for our Global applications), but recently SNOW upgraded JS engine to support ECMAScript5 standard.
so is there implementation available for ServieNow?
Thanks,
Ali
-
I had to do some digging, but it seems that ServiceNow uses Rhino as their JS engine. I understand your problem now, but I doubt we have an easy fix for this.
The code we shared before indeed depends on importing some additional NPM modules, as well as build in Node standard libraries.
I have a similar sample up on my GitHub that is written in pure Node, without any additional NPM modules.
https://github.com/cbetta/box-playground/blob/master/node/03-jwt-auth-vanilla.js
I know this is not exactly what you were asking for, but it's the closest I can get you to a solution. Your main challenge would be to transate the inclusion of the "fs", "crypto", "querystring" and "https" libraries to the Rhino equivalents.
An alternative option would be to look at this 3rd party JS client side SDK that someone in our community has written:
https://github.com/allenmichael/box-javascript-sdk
It might also be good to have a look at https://jwt.io/ for JWT librariers that are written in pure JS.
On a final note, it might be good to ping the Developer Advocate at Service Now (Dave Slusher, https://twitter.com/daveslushernow) for some more advice on using Node code on ServiceNow.
-
Hi Ali,
I am digging in to the problem and will *try* to get some working example code for you next week. If/when I do then I'll post about it on our developer blog (https://developer.servicenow.com/blog.do) and drop a reference in here.
Thanks! We'll get you sorted out one way or the other.
Best,
d
-
Here's some more information on this topic. There are two answers now:
1 - This will become a first class operation in the Madrid release .JWT Grant will become a supported authentication type so it will be in the platform without any extra hackery. Madrid is scheduled for early access Very Soon Now and general availability later in the spring. In our documentation that will go out, Box is one of the canonical examples of using this authentication type.
2 - We started to tackle this problem in the most recent Live Coding Happy Hour.
https://www.youtube.com/watch?v=TA7XKmMPLgI
We were able to import a project from GitHub that wraps CryptoJS into a single file. I put that in a Script Include and could do some basic hashing, signing and decrypting. This week will try to actually do the JWT Grant request and see if we can access some of the Box APIs.
So, if going to Madrid soon it will be very easy. If that is not an option, we're still working on getting you an answer that will require some fiddling but hopefully not too much.
Thanks,
d
-
I've made headway. I've just published a blog post about how to set this up in a Madrid instance. It can conceivably be much easier with the IntegrationHub spoke but it was just released yesterday so I have no hands-on time with it yet.
https://developer.servicenow.com/blog.do?p=/post/integrating-servicenow-to-box-with-jwt/
Hopefully this gives you an idea of the JWT capabilities in the platform as we progress. Let me know if you need anything else.
Please sign in to leave a comment.
Comments
9 comments