Sample JWS requests?

I’m developing a Client compatible with my self written server however, I’ve run into the problem of generating a valid JWS JSON. Would anyone have several sample JWS requests? Or possibly a sample structure?

The best reference is the source, if you ask me: https://tools.ietf.org/html/rfc7515

Section 3.3 has an example one being created.

1 Like

Hi @sdamnico,

Can you explain more about your server implementation? Is it implementing the newest ACME draft or is it closer to what Boulder/Let’s Encrypt implements?

The reason I ask is that there are some differences in how the JWS are used between the current “V1” API that Let’s Encrypt/Boulder has implemented and “V2” (What we’re calling a new endpoint based on the current-most draft).

Here’s an example of a JWS using the older format where the signing key is embedded directly into the JWS. It was signed with a randomly generated RSA key. The nonce value was “1234”. The payload was a trivial example payload {"resource":"some-acme-endpoint"} that specifies a made-up resource. Here’s the program I used to make it.

{
  "payload": "eyJyZXNvdXJjZSI6InNvbWUtYWNtZS1lbmRwb2ludCJ9",
  "protected": "eyJhbGciOiJSUzI1NiIsImp3ayI6eyJrdHkiOiJSU0EiLCJuIjoidFNNRzI1S21mT0VzbWFoakVkaDVySzBKYldFbHJmQllYODRILTJaMnVhcjBIR2JhNURxTmZtay05VzZUUE41MTNJUG15YkZSTzE1UUhhNUZNZ28tNTNNdklXX2RLdkVVR2ZDTE5ZRVNMVnJWenUzNHRaVHVxZS1mYnhWZExJUGdEX05TTTRldFN1c2NLcC1pMHBMVmtJYTRoYjFDYW9obHRyTExqQlJsOWdYbGJRTmY4bko3a1RmN2h0VkpDM3JzQTVKNDRZbDhYOVBkSnBORFROSmx5R2g0V1hXdENJMFJ2ZV9qWTVJbG1TYVcxZTBWSUpXQlJ4NEc4TjBrSy1uR29FMTJpZ0RMaVpteWFXOGE5RENjV3ktckJQM2gxVno5VUxPSXFwRTAzXzNab2FmZFMzSnVmamZ4SkpxZFplbXVpS1A2bDRMeGpucnBHUVY3X3d3U0JRIiwiZSI6IkFRQUIifSwia2lkIjoiIiwibm9uY2UiOiIxMjM0In0",
  "signature": "UKTna2zqYo19yZR3VO7EnNboUwr3qqmtdim-psSlgwSDsu0mXgqik8mf7YhVVVHhoXqltdFd4DISL5M_FVZOufXJXAVSL6jBYpwPsT6uhHCphqF-w2HLOfW2d3yHy7vmzMYPD7JaO456Ad5lbY6GU5B1_snv5XqAM6czITrq2xPoDgpcy6pjujfSu5ADRRGPu6BiSSoTbrpAzLUEQb_z-kyoRPQy7NI0vJhWpVHH7mcCxuxE27mV7620OiqkfW-VV6HfOGqWJhMLBa8qlRtWFduy11_lsCK3H-d6wi5h9mIVOwcyQ_U8ro45jvhq1OgC-_nO0mlgfjb6NxNxxqGHpg"
}

Here’s an example of a JWS using the new V2 format where the signing key is identified by Key ID and not by embedding the JWK. It was signed with a randomly generated RSA key and has the trivial payload {}. The V2 API doesn’t use the “resource” payload field anymore and instead sets a protected URL header. In this example the protected URL header value was "http://localhost/some/acme/endpoint". The nonce value was “1234”. Here’s the program I used to generate it.

{
  "payload": "e30",
  "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHA6Ly9sb2NhbGhvc3QvcmVnLzEyMzQifQ",
  "signature": "48vOffjImM3IiQ8WAHSbs5I9O_Z7uGcEZ8oOCv0kKlUnI8_vNglfmbmtfLSPBWIx5cRMv3kkDjr7Re_wjxwOpREAyhG2tQJ83axGJlDb5nmeqc7u3fYGHH4voba_ukZXoOrGOXVvGh6kXTM_O8BsXL2b3Stx_cxjCDxyy23qo5Yy28sgZVnTzLESINePeljHTTSjfCiRPpF_jcskFAb7S_IXVrfVwCF2D-1XbNPOkbidvf3yvIZCPPufT3RTf74pBQS6HUWzLJqy-6WYpILb3REhQukzfu979EEolxcmjOoaqv1moC7jKIgSUFBUbLVOCqE2ntam_31w9QUO9uBsyQ"
}

Hope that helps! If you intend to run my example programs don’t forget to make sure you have gopkg.in/square/go-jose.v2 in your Go path :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.