How can I use CreateSignedJWT with a string rather than keystore key

Report · Feb 22, 2024

I'm trying to do the following:

secret_key = "sometihng";
web_token = CreateSignedJWT(payload_string, secret_key, hash_params );

And I receive error: signOptions type not supported, it has to be of type Key or KeyPair or Struct

Coldfusion's jwt documentation states the secret_key parameter should be a struct, which I understand. However, I'm unclear on how to use the secret key as a string without using the keystore, because if I use

key_options = {
        key = secret_key
    }

web_token = CreateSignedJWT(payload_string, key_options, hash_params );

then I receive error Either the keystore path is invalid or corrupt or the keystore password is wrong.

The key itself is stored in an encrypted database column, so I want to pass a string version of it. How can I do this without the keystore?

Report · Feb 23, 2024

In the second definition of web_token , the argument key_options is a struct. I think that that is the correct type, rather than string.

However, the struct should have, not one key, but three. Namely,

Key
KeyPair - private Key
Keystore file, keystore password, keystore alias

The documentation on CreateSignedJWT gives you the following example:

<cfset k=getKeyPairfromkeystore({  
        "keystore" : "test_jws1.keystore",
        "keystorePassword": "****",  
        "keypairPassword": "****",  
        "keystoreAlias": "contentKey"
    }) >

<cfset key_options=k.getPrivate()>