(Node.js) Create JWT using a Brainpool EC Key

See more JSON Web Token (JWT) Examples

Demonstrates how to create a JWT using an EC private key. This is for JOSE headers having an "alg" member with any of the following values:

BP160R1
BP192R1
BP224R1
BP256R1
BP320R1
BP384R1
BP512R1

This example also demonstrates how to include time constraints:

nbf: Not Before Time
exp: Expiration Time
iat: Issue At Time

Install Chilkat for Node.js and Electron using npm at

Chilkat npm packages for Node.js
Chilkat npm packages for Electron
on Windows, Linux, MacOS

var os = require('os');
if (os.platform() == 'win32') {  
  var chilkat = require('@chilkat/ck-node23-win64'); 
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node23-linux-arm');
    } else if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node23-linux-arm64');
    } else {
        var chilkat = require('@chilkat/ck-node23-linux-x64');
    }
} else if (os.platform() == 'darwin') {
  var chilkat = require('@chilkat/ck-node23-mac-universal');
}

function chilkatExample() {

    // Demonstrates how to create a JWT using a brainpool EC private key.

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    var privKey = new chilkat.PrivateKey();

    // Load a brainpool EC key.
    var success = privKey.LoadPemFile("c:/qa_data/pem/ec_brainpool_privKey.pem");
    if (success !== true) {
        console.log(privKey.LastErrorText);
        return;
    }

    // You can examine the curve name of the key you just loaded by getting the private in XML format:
    // <ECCKeyValue curve="CURVE_NAME">...</ECCKeyValue>
    console.log(privKey.GetXml());

    var jwt = new chilkat.Jwt();

    // Build the JOSE header
    var jose = new chilkat.JsonObject();
    // Use the brainpool curve name matching the private key you just loaded.
    // Use "BP256R1", or "BP384R1", etc.   
    success = jose.AppendString("alg","BP256R1");
    success = jose.AppendString("typ","JWT");

    // Now build the JWT claims (also known as the payload)
    var claims = new chilkat.JsonObject();
    success = claims.AppendString("iss","http://example.org");
    success = claims.AppendString("sub","John");
    success = claims.AppendString("aud","http://example.com");

    // Set the timestamp of when the JWT was created to now.
    var curDateTime = jwt.GenNumericDate(0);
    success = claims.AddIntAt(-1,"iat",curDateTime);

    // Set the "not process before" timestamp to now.
    success = claims.AddIntAt(-1,"nbf",curDateTime);

    // Set the timestamp defining an expiration time (end time) for the token
    // to be now + 1 hour (3600 seconds)
    success = claims.AddIntAt(-1,"exp",curDateTime+3600);

    // Produce the smallest possible JWT:
    jwt.AutoCompact = true;

    // Create the JWT token.  This is where the ECC signature is created.
    var token = jwt.CreateJwtPk(jose.Emit(),claims.Emit(),privKey);

    console.log(token);

}

chilkatExample();