Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,141 questions
Azure Data factory - jwt token using Key Vault certificate
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 30%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Ryan Abbey
0
Reputation points
There doesn't appear to be a lot of help on the internet for this so hopefully someone has managed to achieve this!
We need to create a JWT token to pass on for authentication to Salesforce. A certificate has been created and placed within our Key Vault. According to JWT requirements, the process is to base64 a header and '.' concatenate with a base64 message and then sign this using the certificate. However, when passing in the <b64 header>.<b64 message>, we get the error
{"error":{"code":"BadParameter","message":"Content of 'value' is not base64url.\r\nProperty 'value' is required.\r\n"}}
Given we have to concatenate the two fields together, it won't be a base64 value, is there any way around this? Can we JWT sign using Data Factory?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Akhilesh 5,325 Reputation points Microsoft Vendor2024-05-07T10:40:33.82+00:00 Hi @Ryan Abbey
Thank you for reaching out to us!
The error message indicates that the concatenated value is not base64url. To resolve this, encode the concatenated value to base64url.
Regular base64 encoding is not safe to include in a URL because it includes characters like ‘+’, ‘/’, and ‘=’. To make it safe to include in a URL, base64url encoding replaces them with safe characters. In base64url encoding, the ‘+’ and ‘/’ characters are replaced with ‘-’ and ‘_’ respectively, and the padding character ‘=’ is removed.
Regarding JWT signing using Data Factory, Data Factory does not have a built-in capability to sign JWT tokens. However, you can use Azure Functions or Azure Logic Apps to implement JWT signing and integrate them with Azure Data Factory.
-
Ryan Abbey 0 Reputation points
2024-05-07T23:04:18.92+00:00 The error message indicates that the concatenated value is not base64url. To resolve this, encode the concatenated value to base64url.
Not overly helpful when the signature needs to be utilising the <base64>.<base64> format
Azure functions are known about but didn't want a roundabout way if Key Vault could do the work... but not particularly suprising that Microsoft implemented something that requires workarounds
Sign in to comment