I am using SAS 9.4. I want to write a JSON Web Signature ("JWS") to complete my JSON Web Token ("JWT") - (I already have the header and claims encoded and tested). I would like to make API calls to Google (Server to Server API). My problem is that I am not certain how to create the JWS. Per all the docs and tutorial web sites I have researched the syntax to create the signature is (pseudo-code): encodedContent = base64UrlEncode(header) + "." + base64UrlEncode(payload);signature = hashHmacSHA256($encodedContent); and/or var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);HMACSHA256(encodedString, 'secret'); etc. I have been attempting to create the JWS using SAS PROC GROOVY code found here: https://gist.github.com/FriedEgg/79ad315afa1b315e8ac3 ...and other places. Google's doc (https://developers.google.com/identity/protocols/OAuth2ServiceAccount) states: "Sign the UTF-8 representation of the input ('{Base64url encoded header}.{Base64url encoded claim set}') using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the Google Developers Console. The output will be a byte array." However, I am confused about what "key" to use (or whether I should be using a key) as some sites (example above) just suggest hashing the encoded header+claims while others suggest hashing using a "secret key" while others say "private key" - and the github page (URL above) just states "key". I am also confused about sha1 vs. sha256. The Google docs state sha256 but some have suggested sha1 in this Stack Overflow thread: http://stackoverflow.com/questions/18362327/creating-digital-signature-usining-sas-for-google-api-geocode . I do note a related question where FriedEgg suggested writing a perl module to use sha256 ( https://communities.sas.com/t5/Base-SAS-Programming/Connecting-to-amazon-web-service/m-p/35555/highlight/true#M7036 ) but we do not currently have perl installed on our SAS server and our admins have the x/execute commands in SAS disabled for security purposes. Again, I have verified my header and claims (encoded in SAS) are working using: jwt.io and kjur.github.io/jsjws/tool_jwt.html. Since SAS supports Groovy (PROC GROOVY) I assume that I can write my JWS successfully using java code but I have not yet been able to replicate any JWS in my SAS code using examples found on the sites I have mentioned above and others. Has anyone ever done this before (using SAS to connect to Google APIs using JWT)? Any help is appreciated!
... View more