Generate a JSON Web Token (JWT) in ServiceNow
Hi everyone. In this video I'm going to demonstrate to you how we can generate a JSON Web Token, JWT for short, in a ServiceNow instance. So first of all, what is the JSON Web Token? A JSON Web Token, if we go according to theoretical languages, is a security token which provides identity and security information which can be shared across domains. So a security token is generally issued by an identity provider and consumed by third parties which rely on that token for security-related purposes.

So let us just directly jump on to the implementation part. In one of my previous videos I've already demonstrated to you how we can use, or how we can create, a self-signed certificate on our own, so I'm going to use the same certificate which we have created in the past, and the Java keystore file which was generated as part of that demo. I am going to upload the same file into the ServiceNow instance, and the JSON Web Token will be generated on the basis of that.

So let me quickly jump on to the Certificates module. I am going to click on New. Once I click on New, this is the form that is open. I will select Java Key Store over here, and let me give some sample name like "demo keystore", and I will attach the keystore file. So this is my client keystore which we generated in a previous demo, and once I save it, it automatically populates the keystore password over here.

Now I'm going to navigate to the JWT Keys module. Let's give it a name, "demo JWT key", and here I'm going to select the certificate which I have just uploaded into the ServiceNow instance. And here is the signing key which I need to provide. So there are two keys which are associated with the keystore: one of the keys is the one associated with the keystore, and the second key is the one which is associated with the key. These two options we get while we are trying to create the certificate. So if you want, you can keep the same key for your keystore as well as the key. So let me just mention the key which I have used, and I'm going to just save it. Now I
will just navigate to the JWT Providers module, and let's give it a name. In the signing configuration I will select the JWT key, and I will save this module as well. So once this is saved, I can see that there are certain claims added over here which will be part of my JWT key which is going to get generated. So these are the claims which are mandatory to be sent, but also it again depends upon the relying party, the third party with whom you are integrating, to whom you are supposed to send this token. So you should just check with the third-party team what claims are necessary at their end for them to consume, and you have to include all of those. As part of the JWT documentation, RFC 7519, these are the ones which are mandatory and should be included, and there are others which can be included if you want.

So let me just explain what these three claims are all about. The first one is the aud claim. The aud claim specifies the audience, and it identifies the authorization server as an intended audience, so here you can specify your authorization server URL or some other information which is specific to your authorization server. Coming to the second one, iss: the iss claim contains a unique identifier for the entity that issued the JWT. So for example, I am integrating my ServiceNow with, let's say, Box. If ServiceNow is generating that JSON Web Token, my ServiceNow instance is the issuing authority in that case, so accordingly I can give any string value over there in this column, Claim Value. And the last one is sub. sub just identifies the subject that is part of your JSON Web Token. So it can be differentiated in two ways; let me think of a possible use case over here. The subject can be any identifier, or the subject can also be your client ID if you're using JWT with OAuth. So in those cases you can also include the client ID of your authorization server in the subject.

So now, just moving ahead, let's see how we can generate a JWT token. For now I do not need to add
anything over here; I can leave these empty, because I will be using my own claims in the payload I'm going to create via the script. So let's just directly jump on to the script part. Let me create the API, and it is going to be a GlideJWTAPI object. You can give in the header object any random key and value pair; let it be "1234". Now we have a header. The next thing we need is the payload, where we usually include our claims. So first is iss; let me give it as "servicenow". Second, let's say sub, that is the subject; I'll give it as "demo". The third one was aud; my audience is "youtube subscribers". And I can also include one more claim, that is the expiry time of my token. So I have the payload object over here. Now let me also convert this into a string; this is JSON.stringify. Unfortunately Ctrl+Space doesn't work here.

And I need a JWT provider ID. So my JWT provider was... I don't remember its ID, so let's go back and get it. So this is the one I have created; I'll just copy the sys_id from here and we are good. This is not the recommended way to give sys_ids in the code; usually when we need any kind of sys_id to do some work, we create a sys property. But since this is a demo and I'm just using a background script, this should be fine. And I just create one more, to generate my JWT token, which is api.generateJWT. So for this generateJWT function, my first parameter is my JWT provider, so let's just pass it; my second parameter is the header object; my third parameter is the payload. So let's check out the token generated. So this is the token which is generated as part of the keystore configuration which we did.

Now the second step would be to verify this token: whether it is a valid token, or there is something wrong going on here and it just gave us a random value. So I will just directly jump on to jwt.io, and the token which we just created, I'm just going to copy-paste it over here. So we can obviously see everything over here, like the header
which I included was abc1234, and all the payload data which I gave can be seen over here. As of now it says that it is invalid, because I have not given the certificate key over here. So let's just open the certificate and copy the key. Now just navigate back and paste it over here. So it still says invalid signature. Did I just miss something? Let me just go back to my certificate, and I will do Ctrl+A, Ctrl+C, delete, Ctrl+V. Oh yes, it works now. So my signature is verified; this means that this is a valid token which is generated.

So in this video we just saw how we can generate a JWT token which can be used for our integrations with ServiceNow using the JWT token. And until we see next time, stay safe, stay healthy, and thank you for watching.
https://www.youtube.com/watch?v=UzobHpcRG7Y
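
The verification step done on jwt.io in the video can also be run locally against the certificate's public key. The following is an added example, not code from the video or from ServiceNow: a Node.js check of the signature and of the iss, aud and exp claims, assuming the JWT key signs with RS256; the key pair, claim values and function names are constructed for illustration.

```javascript
// Added example: verify an RS256 JWT locally with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed helper: stands in for the token the instance would generate.
function signJwt(header, payload, privateKey) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Check the signature first, then the claims the relying party depends on.
function verifyJwt(token, publicKey, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = decode(h);
    claims = decode(p);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm (assumed RS256); never let the token's header choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const sigOk = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== expected.iss) return { ok: false, reason: 'wrong iss' };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.aud)) return { ok: false, reason: 'wrong aud' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed sample: throwaway key pair and claim values like those in the demo.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const NOW = 1700000000; // fixed clock so the example is deterministic
const sampleToken = signJwt({ alg: 'RS256', typ: 'JWT' },
  { iss: 'servicenow', sub: 'demo', aud: 'youtube subscribers', exp: NOW + 300 }, privateKey);
const EXPECTED = { iss: 'servicenow', aud: 'youtube subscribers' };
console.log(verifyJwt(sampleToken, publicKey, EXPECTED, NOW));
```

In practice the public key would be loaded from the certificate's PEM with `crypto.createPublicKey` rather than generated in the script.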