Creating JSON Web Token (JWT)

I am experimenting with a binding to get vehicle information from a backend system, similar to VolvoOnCall or Tesla. The APIs require the use of a JWT in the authentication handshake, and oddly uses an insecure key length.

I was able to build my binding with JJWT (https://github.com/jwtk/jjwt) but this library staunchly refuses to work with the insecure key, which is probably a good stand, but an impediment to my goal. Another promising library is jose4j (https://bitbucket.org/b_c/jose4j/wiki/Home) but including this leads down a path of dependencies (in particular BouncyCastle) which I believe would make deployment challenging if my effort is successful.

I have scoured the forums and repos looking for examples of Bindings using a JWT for access to APIs. Unfortunately I really have not found any solution. I did notice a recent merge from @ysc to use JWTs in the REST interface, and the code has a dependency on jose4j. I did not see the other dependency in the code changes, so maybe I’m missing something obvious.

Does anyone have any insights or suggestions to use JWTs? I’d like to stay within the best practices of OpenHAB so anything I build could benefit the community. Thanks for any leads.

According to the footnotes at b_c / jose4j / wiki / Home — Bitbucket, you don’t really require BouncyCastle unless you have a need for specific signature or encryption algorithms (PS256†, PS384† and PS512†, A128GCMKW‡, A192GCMKW*‡ and A256GCMKW*‡, A128GCM‡, A192GCM*‡ and A256GCM*‡)

Also note that if you’re targeting openHAB 3, it will run on Java 11, and jose4j is now a core dependency (and a Karaf feature) so you should be able to use it in your binding simply by declaring it as a feature dependency.

Thank you very much Yannick. I expanded my search into UIs and found the jose4j and BouncyCastle dependency in HABot. Using those I can now compile and hopefully get passed the JWT impediment. Then I have a large amount of coding, so good chance openHAB 3 will be there for me when I’m done.