Join BoxWorks in San Francisco Nov 12-13! Keynotes, product demos, and Box Master Classes. Reserve your spot!

How to decrypt a private key in pure non-Node Javascript

New post

Comments

9 comments

  • jcleblanc

    Hi ,

     

    Here's an end-to-end guide on how to go through the JWT auth process without the SDKs. There are Node samples throughout the doc which should help.

     

    - Jon

    0
    Comment actions Permalink
  • Ali12345

    Hello ,

     

    I went through the link before also.

     

    It described method of node.js but I want pure JavaScript implementation of this.

     

    Please help.

     

    Thanks,

    Ali

    0
    Comment actions Permalink
  • cbetta

     what JS evironment would you like to see this implemented for instead? 

    0
    Comment actions Permalink
  • Ali12345

    Hello ,

     

    I want to implement this in ServiceNow. ServiceNow uses JavaScript for both client and server side scripting. So i need this implementation in JavaScript. I am exactly not sure about earlier version( Which is true for our Global applications), but recently SNOW upgraded JS engine to support ECMAScript5 standard.

    https://docs.servicenow.com/bundle/london-application-development/page/script/JavaScript-engine-upgrade/concept/c_JS_engine_upgrade.html

     

    so is there implementation available for ServieNow?

     

    Thanks,

    Ali 

    0
    Comment actions Permalink
  • cbetta

     I had to do some digging, but it seems that ServiceNow uses Rhino as their JS engine. I understand your problem now, but I doubt we have an easy fix for this.

     

    The code we shared before indeed depends on importing some additional NPM modules, as well as build in Node standard libraries.

     

    I have a similar sample up on my GitHub that is written in pure Node, without any additional NPM modules.

     

    https://github.com/cbetta/box-playground/blob/master/node/03-jwt-auth-vanilla.js

     

    I know this is not exactly what you were asking for, but it's the closest I can get you to a solution. Your main challenge would be to transate the inclusion of the "fs", "crypto", "querystring" and "https" libraries to the Rhino equivalents.

     

    An alternative option would be to look at this 3rd party JS client side SDK that someone in our community has written:

     

    https://github.com/allenmichael/box-javascript-sdk

     

    It might also be good to have a look at https://jwt.io/ for JWT librariers that are written in pure JS.

     

    On a final note, it might be good to ping the Developer Advocate at Service Now (Dave Slusher, https://twitter.com/daveslushernow) for some more advice on using Node code on ServiceNow.

     

     

     

     

    0
    Comment actions Permalink
  • cbetta

    One final thought: your easies tthing might be to simply decrypt your key locally, and then load it directy into your JS on servicenow.

    0
    Comment actions Permalink
  • DaveSlusherNOW

    Hi Ali,

     

    I am digging in to the problem and will *try* to get some working example code for you next week. If/when I do then I'll post about it on our developer blog (https://developer.servicenow.com/blog.do) and drop a reference in here. 

     

    Thanks! We'll get you sorted out one way or the other.

     

    Best,

    d

    0
    Comment actions Permalink
  • DaveSlusherNOW

    Here's some more information on this topic. There are two answers now: 

     

    1 - This will become a first class operation in the Madrid release .JWT Grant will become a supported authentication type so it will be in the platform without any extra hackery. Madrid is scheduled for early access Very Soon Now and general availability later in the spring. In our documentation that will go out, Box is one of the canonical examples of using this authentication type.

     

    2 - We started to tackle this problem in the most recent Live Coding Happy Hour.

     

    https://www.youtube.com/watch?v=TA7XKmMPLgI

     

    We were able to import a project from GitHub that wraps CryptoJS into a single file. I put that in a Script Include and could do some basic hashing, signing and decrypting. This week will try to actually do the JWT Grant request and see if we can access some of the Box APIs.

     

    So, if going to Madrid soon it will be very easy. If that is not an option, we're still working on getting you an answer that will require some fiddling but hopefully not too much.

     

    Thanks,

    d

    0
    Comment actions Permalink
  • DaveSlusherNOW

      I've made headway. I've just published a blog post about how to set this up in a Madrid instance. It can conceivably be much easier with the IntegrationHub spoke but it was just released yesterday so I have no hands-on time with it yet.

     

    https://developer.servicenow.com/blog.do?p=/post/integrating-servicenow-to-box-with-jwt/

     

    Hopefully this gives you an idea of the JWT capabilities in the platform as we progress. Let me know if you need anything else.

    1
    Comment actions Permalink

Please sign in to leave a comment.