Decode and filter JWT

[5011-5011]

@bharbharHi, I would like to know if you can help me.
I'm working on filtering the jwt by its time of issue. I have tried to do this by creating functions that take the jwt from the incoming request header, then decode it and filter it by its broadcast time.
However I have not been successful, I think the problem is because it does not decode the jwt and does not process the following.
I have read that certain libraries like jsonwebtoken are not compatible with Mirth connect, I have my doubts about this.
If you could help me I would appreciate it, I've been stuck on this for a while.

Originally posted by @bharbhar in #5503 (comment)

[pacmano1]

@5011-5011 This should be in discussions, not submitted as an issue. I am moving it now.

[pacmano1]

I noted at #5503 (comment), another way to generate JWTs that uese jsrassign.. Please note the comments made at the top or the code at https://github.com/pacmano1/Mirth-Snippets/blob/main/epicJWTforBackend.js, line 6 is important, you must make a variable declaration to skip this library looking for web browser properties.

That same librarry allows you do verify and decode tokens, see https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification.

From the bottom of that page, showing the token header and payload in mirth can be done wiht:

var sJWT = "eyJhb....."   // this is the jwt

var headerObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(sJWT.split(".")[0]));
var payloadObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(sJWT.split(".")[1]));

$c('headerObj',headerObj)
$c('payloadObj',payloadObj)

Note https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification has other things you can do with the token.

Be careful with javascript vs java variables in Mirth when working with this library.

I would also cache your validation of these tokens for faster performance in Mirth rather than call the librrary every time.

[5011-5011]

Thanks @pacmano1 for sharing that information, however I managed to create my jwt correctly.
When I decode it (with a simple function) its json structure does not allow me to access the payload, so it is impossible for me to map from the tree of messages in the transformer.
Do you have any suggestion?

I attach an image of how it looks decoded at the moment.
What I need is to be able to access the payload from the message tree.

[pacmano1]

I don't understand your question. You did not use my code above, you appended the header and payload to one variable.

Please use the exact code above:

$c('headerObj',headerObj).   // This is the same thing as channelMap.put('headerObj',headerObj)
$c('payloadObj',payloadObj). // This is the same thing as channelMap.put('payloadObj',payloadObj)

and then just and example of grabbing one value:

logger.info($c('payloadObj').aud).  // just an example

[5011-5011]

@pacmano1 I apologize for not explaining well.
I have my jwt created with CrypoJS, and what I really need is to be able to decode it to work with the payload of it.
The question is: how should I apply correctly what you suggested? having clear that I only need to decode the jwt.

[pacmano1]

What do you mean by payload? Do you mean the inbound post of data in the body section? If you are asking a client to post to your endpoint using JWT then your task is to validate the JWT not use any part of it to decrypt sometrhing. The body would be not encrypted.

On the other hand if you are generating a JWT you would be typically adding it as an authorization header and postiing to the other side a normal non-encrypted body as part of the message.