NOTE: Apex now has native support for RSA based JWT generation: []
Apex implementation of JWT and JWT Bearer flow. Requires Summer 14 release for RSA-SHA256 support.
#Unsigned JWT
JWT jwt = new JWT('none');
jwt.iss = 'your issuer';
jwt.sub = 'some subject';
jwt.aud = 'some audience';
token = jwt.issue();
#HMAC256 Signed JWT
JWT jwt = new JWT('HS256');
jwt.privateKey = 'base64 encoded secret';
jwt.iss = 'your issuer';
jwt.sub = 'some subject';
jwt.aud = 'some audience';
token = jwt.issue();
#RSA256 Signed JWT with PEM encoded p12
JWT jwt = new JWT('RS256');
jwt.pem = 'MIICXQIBAAKBgQC4U4Bma7kKa0CLU...pem encoded p12 RSA Key';
jwt.iss = 'your issuer';
jwt.sub = 'some subject';
jwt.aud = 'some audience';
token = jwt.issue();
#RSA256 Signed JWT with Certificate from Setup
JWT jwt = new JWT('RS256');
jwt.cert = 'JWTKey';
jwt.iss = 'your issuer';
jwt.sub = 'some subject';
jwt.aud = 'some audience';
token = jwt.issue();
#Change the default expiration By default expiration is 5 minutes (300 seconds). Change it by passing in a validFor in seconds.
JWT jwt = new JWT('none');
jwt.validFor = 60;
#Bearer Flow Use the JWT bearer flow for Server to Server applications.
JWTBearerFlow.getAccessToken('token_endpoint', jwt);
#Salesforce RSA-256 JWT Bearer Flow []
JWT jwt = new JWT('RS256');
jwt.cert = 'JWTKey';
jwt.iss = '3MVG9PhR6g6B7ps6TYoM9J8TuRwyvkAmDUKainDupyG6eJ92nmK8m4LYueD5Lgtnyv0QoWBrB.YjuWCVj_rl_';
jwt.sub = '';
jwt.aud = '';
String access_token = JWTBearerFlow.getAccessToken('', jwt);
#Google RSA-256 JWT Bearer Flow []
JWT jwt = new JWT('RS256');
jwt.pem = 'MIICXQIBAAKBgQC4U4Bma7kKa0CLU...pem encoded p12 RSA Key';
jwt.iss = '';
jwt.sub = 'someuser@some.domain';
jwt.aud = '';
Map<String,String> claims = new Map<String,String>();
claims.put('scope',''); = claims;
String access_token = JWTBearerFlow.getAccessToken('', jwt);