Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

AEM - Create a JSON Web Token (JWT) | AEM Community Blog Seeding





AEM - Create a JSON Web Token (JWT) by Adobe Docs


JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. JWT.io libraries were used in this sample to generate the JWT.
The service credentials that you have downloaded in the previous step contains the private key in the PKCS#1 format.To extract the private key from this string we have used BouncyCastle libraries. The crypto libraires that are part of java do not support PKCS#1 format.

The following code was used to generate the JWT:

public String getJWTToken()
Security.addProvider(new BouncyCastleProvider());
RSAPrivateKey privateKey = null;
GetServiceCredentials getCredentials = new GetServiceCredentials();

long now = System.currentTimeMillis();
Long expirationTime = now + TimeUnit.MINUTES.toMillis(5);
// get the private key string from the service credentials
String privateKeyString = getCredentials.getPRIVATE_KEY();
//The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm sa = SignatureAlgorithm.RS256;

Reader targetReader = new StringReader(privateKeyString);
// PEMParser removes the unnecessary headers and decodes the underlying Base64 PEM data into a binary format.
PEMParser pemParser = new PEMParser(targetReader);
// tores the result generated by the pEMParser
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp = converter.getKeyPair((PEMKeyPair) object);
privateKey = (RSAPrivateKey) kp.getPrivate();

//Let's set the JWT Claims

Map < String, Object > jwtClaims = new HashMap < String, Object > ();
jwtClaims.put("iss", getCredentials.getORG_ID());
jwtClaims.put("sub", getCredentials.getTECH_ACCT());
jwtClaims.put("exp", expirationTime);
jwtClaims.put("aud", "https://" + getCredentials.getIMS_ENDPOINT() + "/c/" + getCredentials.getCLIENT_ID());
String metascopes[] = new String[] { getCredentials.getMETASCOPE_ID() };

for (String metascope: metascopes)
jwtClaims.put("https://" + getCredentials.getIMS_ENDPOINT() + "/s/" + metascope, java.lang.Boolean.TRUE);

// Create the final JWT token
String jwtToken = Jwts.builder().setClaims(jwtClaims).signWith(sa, privateKey).compact();
System.out.println("Got JWT Token " + jwtToken);
return jwtToken;

} catch (IOException e) {

System.out.println("The error is " + e.getMessage());
return null;


Read Full Blog

AEM - Create a JSON Web Token (JWT)


Please use this thread to ask the related questions.