The OAuth2 keystore type selection requires the appropriate encryption algorithm. PAS for OpenEdge OAuth2 encryption algorithms include:
  • HMAC implements the Keyed-Hash Message Authentication Code (HMAC).
  • RSA (Rivest–Shamir–Adleman) public and private key encryption.

Configure the HMAC or RSA type

Choose the JWT signature validation to be performed by setting the following property in the oeablSecurity.properties file: 
jwtToken.signatureAlg={ HS256 | HS384 | HS512 | RS256 | RS384 | RS512 }
Note: All HSxxx types apply to the HMAC signature algorithm. All RSxxx types apply to the RSA (public and private) signature algorithm.

Configure the HSxxx signature validation encryption key

The HSxxx encryption key is a single value configured in the oeablSecurity.properties file:

jwtToken.macKey=value
value
A string value, either clear text or encoded text. Encoded text is the output of oe-install-dir/bin/stspwdutil
Note: Because the encryption key is a single value, PAS for OpenEdge supports only one authorization server for each OEABL web application configuration.

Configure the RSxxx signature validation encryption key

Support for accessing the RSA public keys includes:

  • A Java (.p12) encrypted keystore file containing a digital certificate holding the single RSA public key
  • A file system directory holding the single PEM-encoded RSA public key
  • A JSON Web Key (JWK) set that holds multiple RSA public keys, and is selected by the JWT header's kid claim