import ballerina/http;
import ballerina/log;

// Defines the HTTP client to call the JWT auth secured APIs.
// The client is enriched with the `Authorization: Bearer <token>` header by
// passing the `http:JwtIssuerConfig` for the `auth` configuration of the
// client. A self-signed JWT is issued before the request is sent.
http:Client securedEP = check new("https://localhost:9090", {
    auth: {
        username: "wso2",
        issuer: "ballerina",
        audience: ["ballerina", "ballerina.org", "ballerina.io"],
        keyId: "5a0b754-895f-4279-8843-b745e11a57e9",
        customClaims: { "scp": "hello" },
        expTimeInSeconds: 3600,
        signatureConfig: {
            config: {
                keyAlias: "ballerina",
                keyPassword: "ballerina",
                keyStore: {
                    path: "../resources/ballerinaKeystore.p12",
                    password: "ballerina"
                }
            }
        }
    },
    secureSocket: {
        trustStore: {
            path: "../resources/ballerinaTruststore.p12",
            password: "ballerina"
        }
    }
});

public function main() {
    // Send a `GET` request to the specified endpoint.
    var response = securedEP->get("/foo/bar");
    if (response is http:Response) {
        log:print(response.statusCode.toString());
    } else if (response is http:ClientError) {
        log:printError("Failed to call the endpoint.", err = response);
    }
}

Secured Client with Self Signed JWT Auth

A client, which is secured with self-signed JWT can be used to connect to a secured service.
The client is enriched with the Authorization: Bearer <token> header by passing the http:JwtIssuerConfig to the auth configuration of the client. A self-signed JWT is issued before the request is sent.

For more information on the underlying module, see the OAuth2 module.

 
import ballerina/http;
import ballerina/log;

http:Client securedEP = check new("https://localhost:9090", {
    auth: {
        username: "wso2",
        issuer: "ballerina",
        audience: ["ballerina", "ballerina.org", "ballerina.io"],
        keyId: "5a0b754-895f-4279-8843-b745e11a57e9",
        customClaims: { "scp": "hello" },
        expTimeInSeconds: 3600,
        signatureConfig: {
            config: {
                keyAlias: "ballerina",
                keyPassword: "ballerina",
                keyStore: {
                    path: "../resources/ballerinaKeystore.p12",
                    password: "ballerina"
                }
            }
        }
    },
    secureSocket: {
        trustStore: {
            path: "../resources/ballerinaTruststore.p12",
            password: "ballerina"
        }
    }
});

Defines the HTTP client to call the JWT auth secured APIs. The client is enriched with the Authorization: Bearer <token> header by passing the http:JwtIssuerConfig for the auth configuration of the client. A self-signed JWT is issued before the request is sent.

 
public function main() {

    var response = securedEP->get("/foo/bar");
    if (response is http:Response) {
        log:print(response.statusCode.toString());
    } else if (response is http:ClientError) {
        log:printError("Failed to call the endpoint.", err = response);
    }
}

Send a GET request to the specified endpoint.

 
# Before testing this sample, first start a sample service secured with JWT Auth.
# To run this sample, navigate to the directory that contains the `.bal` file,
# and execute the `bal run` command below.
# (You may need to change the keystore path. A sample keystore file is
# available in the distribution.
# The file path is <ballerina.home>/examples/resources/ballerinaKeystore.p12)
bal run secured_client_with_self_signed_jwt_auth.bal
time = 2021-01-20 20:04:13,261 level = INFO  module = "" message = "200"