Json Web Token - JWT
To access a integration in iHub using a JWT the user must setup a JWT Trigger.
This is done by toggle the JWT option on under webhook triggers.
JSON Web Tokens consist of three parts separated by dots (.
), which are:
Header
Payload
eSignature
Therefore, a iHub JWT looks like the following.
xxxxx.yyyyy.zzzzz
The JWT token is then exchanged to a bearer which will be the short lived token that authenticate and triggers the integration flow.
RSA 256 Key Pair
First generate a RSA Key pair and download the the key, once downloaded the key can not be recovered if lost. Only option if the key is lost is to generate a new key.
The downloaded file will contain the information needed to exchange the JWT to a Bearer token.
Sign the JWT token
To sign the JWT token use the header and payload.
Header
{ "alg": "RS256", "typ": "JWT" }
Payload
{ "iss": "client_id_from_atlassian", "sub": "flow_id", "aud": "https://ihubprod.rixter.net/token", "iat": currentTimeSeconds, "exp": plus currentTimeSeconds 1200, }
Output from the signed will be xxxxx.yyyyy.zzzzz
Exchange the JWT to Bearer
To exchange the JWT to a short lived bearer token,
POST to https://ihubprod.rixter.net/incoming/token
Body:
{ "grant_type":"urn:ihub:jwt:bearer", "assertion":"{{JWT}}" }
Replace the {{JWT}} with the signed token from above step.
This URN structure indicates:
urn: Namespace denoting a Uniform Resource Name
ihub: Identifies the IHub system
jwt: Specifies a JSON Web Token (JWT)
bearer: Indicates the token type is bearer
Response
If valid it will return a body like below
{ "access_token": "0AY_VpZg4WI2L0VYjXAc9ccwpNwj2TYbAJ-p_o2pCHHXWGK1N_ADhZ93y0e2REPitoJkbWs-VsEby0pTQXj1tP-5Wh8RTgbqKY343JvMhU_5EKf1vwXA8jUXeANWte-om4yGBIxbI7CUodb1hOfRuIw23RdSHHvvUWsKraffuJ0xpOr5sLTzc3NAdsak4Xjc8IjujDMoHDoEqECzL12CCCrVnkiDuGPN4TNnLbBPnqM91L-6a5WlC-bD3EetEmW7lS3R0GK7HLexgMiAwhKc9EXIaV3v_nwJZp2STQZcxc8Q4YcqCtKgOsSfrPb87MQ3z2FE2sBOmhIziLBS5WifWvYaBhWcyvxifWxj5aw7Ad0GvKRQzsbdP2GwGN385D42jpSupk9oxui84wuq6wr9bRsWagYwQjto-x2y7gZwyrMVyQpBOy_3QhhIY32Xw6vJoOj-2ypRWaIXnhzUyfJkfJv5j_4a8F_grpI9wigVS1X5cdkIBiis-ZuvYvkx8fIJ0nn59bFsomi1qvJ9pMyWByVZ4w2yeyuso7-Q2qRX0jrWbRrOsOMsl5xQoOZYZRm-bFz66ynd-3q50qjcr2QtdQy_ZXcQSZ1bkQjwio7x0jz_Yptn9Bfl2geOeioze__d-_9xd1ZZMwixbYvWuxklh8hvakVyIkc9ZfBMo5dMen6l89Wy0tsq5-65zvB8SZyfk-qikWic_ouVo26kJ1Xe-ni36dxxzoxM-Vu4Wuq3kJ58QhVcUhj9m6zzk866trqqJnx28cBJQ9ofhf8BjcOilO-bt8dJV-ZrRS2-vyFZq9_1d9tvMZe6WJ1JoVbQx7tne_7S8y3Jn2n3Frc18loQ9__Ye_5ic04ed367srWvi-1ojYbOM79hy5mnu2VMU6isFz_hUVqqj5Z-xXZIsQ02vW0g_uIltq85waObt8wYziv4lZU--UUZ1h72McynvY81gqQlB4uVIb6Sp_XprXYtgIOsIYkuQsp7so9ls4Rl7l52Zdkd1W29IF2w", "token_type": "Bearer", "expires_in": 3599 }
Use the Bearer token
To trigger the flow send the request to https://ihubprod.rixter.net/incoming/webhook with the http header Authorization: Bearer {{access_token}}
In this call you will include any data that the integration will process.