Friday, June 20, 2025

🔐 How to Decode a JWT Token in PeopleCode Using Java (No Extra Libraries)

Use Case: Securely decode and inspect a JWT (JSON Web Token) in PeopleSoft using native Java classes, without relying on external libraries or PeopleCode JSON parsers.

 Why Decode a JWT in PeopleCode?

In modern PeopleSoft integrations — especially with OAuth 2.0, SSO (Single Sign-On), and Microsoft Azure AD authentication — JWTs (JSON Web Tokens) are used to pass identity and authorization information. For example:

  • A REST API request might carry a JWT in the Authorization header.

  • You might need to extract user identity (upn, email, roles) from the token.

  • You want to verify what claims (data) were issued in the JWT — without calling external tools.

🛠️ The Challenge

PeopleCode doesn't have built-in JWT libraries or even a native Base64 URL decoder. But with a little help from standard Java classes (available in all PeopleTools environments), we can manually decode and read the JWT payload.

✅ Use Case

Let’s say:

  • You have an OAuth-secured API call hitting PeopleSoft.

  • You’re intercepting the JWT from the %Request.GetHeader("Authorization") PeopleCode method.

  • You want to read the user identity inside the token for auditing or mapping purposes.

🔧 Sample PeopleCode: Decode JWT Payload (Pure Java, No Parser Yet)

peoplecode
Local string &jwt, &payload, &decodedPayload;
Local array of string &parts;
Local number &mod4;
Local JavaObject &decoder, &payloadBytes, &decodedBytes, &decodedString;

/* Step 1: Build the JWT from pieces (used here for testing only) */
&part1 = "..";
&part2 = "..";
&part3 = "..";
&part4 = "..";
&part5 = "..";
&jwt = &part1 | &part2 | &part3 | &part4 | &part5;



/* Step 2: Split the JWT */
&parts = Split(&jwt, ".");

If &parts.Len >= 2 Then
   /* Step 3: Get payload part */
   &payload = &parts[2];

   /* Step 4: Normalize Base64URL */
   &payload = Substitute(&payload, "-", "+");
   &payload = Substitute(&payload, "_", "/");

   /* Step 5: Add padding */
   &mod4 = Mod(Len(&payload), 4);
   If &mod4 = 2 Then
      &payload = &payload | "==";
   Else
      If &mod4 = 3 Then
         &payload = &payload | "=";
      End-If;
   End-If;

   /* Step 6: Base64 decode using Java */
   &decoder = GetJavaClass("java.util.Base64").getDecoder();
   &payloadBytes = CreateJavaObject("java.lang.String", &payload).getBytes();
   &decodedBytes = &decoder.decode(&payloadBytes);
   &decodedString = CreateJavaObject("java.lang.String", &decodedBytes);
   &decodedPayload = &decodedString.toString();

   /* Step 7: Display decoded JSON payload */
   WinMessage("Decoded JWT Payload: " | &decodedPayload);

Else
   WinMessage("Invalid JWT format.");
End-If;
at No comments:
Subscribe to: Posts (Atom)

🔐 How to Decode a JWT Token in PeopleCode Using Java (No Extra Libraries)

Use Case: Securely decode and inspect a JWT (JSON Web Token) in PeopleSoft using native Java classes, without relying on external libraries...

  • Peoplesoft Encryption
    This Article explains about Peoplesoft Encryption technology. Before explaining , let me discuss about some terms related to Encryption. ...
  • User Profile Emulation in PeopleSoft
    We used to simulate the user issue in non prod by changing the password for respective username and login to replicate the issue.Its always...