Json Web Token - JWT
To access a integration in iHub using a JWT the user must setup a JWT Trigger.
This is done by toggle the JWT option on under webhook triggers.
JSON Web Tokens consist of three parts separated by dots (.
), which are:
Header
Payload
eSignature
Therefore, a iHub JWT looks like the following.
xxxxx.yyyyy.zzzzz
The JWT token is then exchanged to a bearer which will be the short lived token that authenticate and triggers the integration flow.
RSA 256 Key Pair
First generate a RSA Key pair and download the the key, once downloaded the key can not be recovered if lost. Only option if the key is lost is to generate a new key.
The downloaded file will contain the information needed to exchange the JWT to a Bearer token.
Sign the JWT token
To sign the JWT token use the header and payload.
Header
{ "alg": "RS256", "typ": "JWT" }
Payload
{ "iss": "client_id_from_atlassian", "sub": "flow_id", "aud": "https://ihubprod.rixter.net/token", "iat": "currentTimeSeconds", "exp": "plus currentTimeSeconds 1200", }
Output from the signed will be xxxxx.yyyyy.zzzzz
Exchange the JWT to Bearer
To exchange the JWT to a short lived bearer token,
POST to https://ihubprod.rixter.net/incoming/token
Body:
{ "grant_type":"urn:ihub:jwt:bearer", "assertion":"{{JWT}}" }
Replace the {{JWT}} with the signed token from above step.
This URN structure indicates:
urn: Namespace denoting a Uniform Resource Name
ihub: Identifies the IHub system
jwt: Specifies a JSON Web Token (JWT)
bearer: Indicates the token type is bearer
Response
If valid it will return a body like below
{ access_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI0ZjAxOWQ0My00OTAwLTNhOTgtYWEwNi00NjE0M2Y0MGMwNjEiLCJzdWIiOiIzNGNkMzNlNC1iNmFhLTQ4MzctODc1Yi03ZWQ4MWFhMzk2ZDYiLCJleHAiOjE3MTkzMTk0MDMsImlhdCI6MTcxOTMxOTA4MX0.jljJZJMcYD4PapgraNXoZZWUYOR3mPcTgpd_CUeeqCU', token_type: 'Bearer', expires_in: 1719319403 }
Use the Bearer token
To trigger the flow send the request to https://ihubprod.rixter.net/incoming/webhook with the http header Authorization: Bearer {{access_token}}
In this call you will include any data that the integration will process.