Json Web Token - JWT

To access a integration in iHub using a JWT the user must setup a JWT Trigger.

This is done by toggle the JWT option on under webhook triggers.

JSON Web Tokens consist of three parts separated by dots (.), which are:

Header
Payload
eSignature

Therefore, a iHub JWT looks like the following.

xxxxx.yyyyy.zzzzz

The JWT token is then exchanged to a bearer which will be the short lived token that authenticate and triggers the integration flow.

RSA 256 Key Pair

First generate a RSA Key pair and download the the key, once downloaded the key can not be recovered if lost. Only option if the key is lost is to generate a new key.

The downloaded file will contain the information needed to exchange the JWT to a Bearer token.

Sign the JWT token

To sign the JWT token use the header and payload.

Header

{
  "alg": "RS256",
  "typ": "JWT"
}

Payload

{
	"iss": "client_id_from_atlassian",
	"sub": "flow_id",
	"aud": "https://ihubprod.rixter.net/prod/incoming/token",
	"iat": "currentTimeSeconds",
	"exp": "plus currentTimeSeconds 1200",
}

Output from the signed will be xxxxx.yyyyy.zzzzz

Exchange the JWT to Bearer

To exchange the JWT to a short lived bearer token,

POST to https://ihubprod.rixter.net/incoming/token

Body:

{
    "grant_type":"urn:ihub:jwt:bearer",
    "assertion":"{{JWT}}"
}

Replace the {{JWT}} with the signed token from above step.

This URN structure indicates:

urn: Namespace denoting a Uniform Resource Name
ihub: Identifies the IHub system
jwt: Specifies a JSON Web Token (JWT)
bearer: Indicates the token type is bearer

Response

If valid it will return a body like below

Use the Bearer token

To trigger the flow send the request to https://ihubprod.rixter.net/incoming/webhook/jwt with the http header Authorization: Bearer {{access_token}}

In this call you will include any data that the integration will process.

Example code for trigging flow

Python

The private key is stored in a file called privateKey.txt in this example

Javascript