Step 1: Create a self-signed certificate and add it to the keystore

  1. keytool -genkey -keyalg RSA -alias aliasname -keystore keystore.jks -validity 365 -keysize 2048
  2. keytool -export -alias aliasname -file uwc.crt -keystore keystore.jks -storepass randomstorepassword

Step 2: Create the .crt file

  1. keytool -export -alias aliasname -file exportfilename.crt -keystore keystore.jks -storepass randomstorepassword

Step 3: Generate the assertion token using Java

import org.apache.commons.codec.binary.Base64;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.text.MessageFormat;  

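/**
 * Builds a signed JWT bearer assertion (RS256) and prints it to standard output.
 *
 * <p>The token has the form
 * {@code base64url(header) + "." + base64url(claims) + "." + base64url(signature)}, where the
 * signature is SHA256withRSA over the first two segments, produced with a private key read from
 * a JKS keystore.
 *
 * <p>The consumer id, username, keystore path, key alias and passwords below are placeholders.
 * Real store/key passwords should be supplied at run time (prompt, environment, secret store)
 * rather than kept as literals in source, because anyone who can read the source and the
 * keystore file can then sign assertions as this client.
 */
public class JWTExample {

  /**
   * Generates the assertion and prints it; on failure prints the error to standard error and
   * exits with a non-zero status so the error text can never be mistaken for a token.
   *
   * @param args unused
   */
  public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {

    String header = "{\"alg\":\"RS256\"}";
    // MessageFormat template: '{' and '}' are quoted literal braces, {0}..{3} are the claim slots.
    // The template writes exp as a quoted string; RFC 7519 defines exp as a JSON number.
    // NOTE(review): confirm which form the token endpoint expects.
    String claimTemplate = "'{'\"iss\": \"{0}\", \"sub\": \"{1}\", \"aud\": \"{2}\", \"exp\": \"{3}\"'}'";

    // Placeholders. The alias must be the one given to keytool with -alias when the key pair was
    // created; a different alias yields no key and signing cannot proceed.
    String keystorePath = "./path/to/keystore.jks";
    String keyAlias = "tomcat";
    char[] storePassword = "randomstorepassword".toCharArray();

    try {
      StringBuilder token = new StringBuilder();

      // Segment 1: the encoded JWT header, followed by the separator
      token.append(Base64.encodeBase64URLSafeString(header.getBytes("UTF-8")));
      token.append(".");

      // Claim values are substituted into the JSON template verbatim, without escaping. That is
      // fine for fixed values; values that can contain '"' or '\' need a real JSON encoder.
      String[] claimArray = new String[4];
      claimArray[0] = "CONSUMER_ID";
      claimArray[1] = "SALESFORCE USERNAME";
      claimArray[2] = "https://login.salesforce.com";
      // Expiry: current Unix time in seconds plus 300 seconds
      claimArray[3] = Long.toString((System.currentTimeMillis() / 1000) + 300);
      String payload = new MessageFormat(claimTemplate).format(claimArray);

      // Segment 2: the encoded claims object
      token.append(Base64.encodeBase64URLSafeString(payload.getBytes("UTF-8")));

      // Load the keystore; try-with-resources closes the file even when load() throws
      KeyStore keystore = KeyStore.getInstance("JKS");
      try (InputStream in = new FileInputStream(keystorePath)) {
        keystore.load(in, storePassword);
      }

      // getKey returns null for an unknown alias; fail here with a clear message instead of
      // letting initSign reject a null key later.
      Key key = keystore.getKey(keyAlias, storePassword);
      if (!(key instanceof PrivateKey)) {
        throw new KeyStoreException("No private key entry found under alias '" + keyAlias + "'");
      }
      PrivateKey privateKey = (PrivateKey) key;

      // Sign the JWT Header + "." + JWT Claims Object
      Signature signature = Signature.getInstance("SHA256withRSA");
      signature.initSign(privateKey);
      signature.update(token.toString().getBytes("UTF-8"));
      String signedPayload = Base64.encodeBase64URLSafeString(signature.sign());

      // Segment 3: separator plus the encoded signature
      token.append(".");
      token.append(signedPayload);

      // The printed value is a usable credential until it expires; keep it out of shared logs.
      System.out.println(token.toString());

    }
    catch (Exception e) {
      // Report on stderr and signal failure, so callers reading stdout never see an
      // exception message where a token is expected.
      System.err.println(e);
      System.exit(1);
    }

  }
}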

Step 4: GET ACCESS TOKEN

  1. JWT bearer tokens are posted to the token endpoint at https://login.salesforce.com/services/oauth2/token
  2. Set grant_type = urn:ietf:params:oauth:grant-type:jwt-bearer
  3. Set assertion = the bearer token generated in step 3
  4. Method = POST