PowerShell and JSON Web Token Handler

Yesterday, I've been trying to to get Google Admin SDK Directory API (which replaces Google Apps Provisioning API) to work with PowerShell and JSON Web Token (JWT) Handler.

Unfortunately, JWT Handler did not like certificate generated by Google APIs console. I kept receiving the following error:

Exception calling "WriteToken" with "1" argument(s): "Jwt10530: The 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey' for signing cannot be smaller than '2048' bits. Parameter name: key.KeySize Actual value was 1024."

Google APIs console generates a private key of 1024 bits and JWT Handler requires the private key to be at least 2048 bits. The only way I saw to get around this was not to use JWT Handler when connecting to Google's new APIs. (A future post will demonstrate this.)

If you are working with JWT-enabled web services that support private keys 2048 bits and greater, then you can use the PowerShell code below.

Tested using Windows 8, PowerShell 3.0, .NET Framework 4.5, JSON Web Token Handler For the Microsoft .Net Framework 4.5 1.0, Win32 OpenSSL 1.0.1eNuGet Command-Line Utility 2.7.

  1. Download NuGet Command-Line Utility.
  2. Install the JWT Handler:
    nuget.exe Install System.IdentityModel.Tokens.Jwt
  3. Generate test certificate:
    set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg

    C:\OpenSSL-Win64\bin\openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 -keyout D:\myapp.key -out D:\myapp.crt

    C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in D:\myapp.crt -inkey D:\myapp.key -out D:\myapp.pfx
  1. Add-Type -Path 'D:\Downloads\System.IdentityModel.Tokens.Jwt.dll'  
  3. function Jwt-CreateToken {  
  4.     Param(  
  5.         [string] $issuer,  
  6.         [string] $audience,  
  7.         [string] $certificate,  
  8.         [string] $certificatePassword,  
  9.         [System.Collections.Generic.List[System.Security.Claims.Claim]] $claims = $null  
  10.     )  
  12.     # Make our token valid from now to the next hour.  
  13.     $createDate = Get-Date  
  14.     $lifetime = New-Object System.IdentityModel.Protocols.WSTrust.Lifetime($createDate$createDate.AddHours(1))  
  16.     # Load our certificate.  
  17.     $signingCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate$certificatePassword"Export")  
  18.     $signingCredentials = New-Object System.IdentityModel.Tokens.X509SigningCredentials($signingCertificate)  
  20.     # Create our JSON web token.  
  21.     $token = New-Object System.IdentityModel.Tokens.JwtSecurityToken($issuer$audience$claims$lifetime$signingCredentials)  
  22.     return (New-Object System.IdentityModel.Tokens.JwtSecurityTokenHandler).WriteToken($token)  
  23. }  
  25. # Example creating/reading a token  
  26. $claims = New-Object System.Collections.Generic.List[System.Security.Claims.Claim]  
  27. $claims.Add((New-Object System.Security.Claims.Claim("scope""https://www.contoso.com/api/users")))  
  28. $encToken = Jwt-CreateToken -issuer "20130829-2236@developer.contoso.com" -audience "https://accounts.contoso.com/oauth2/token" -certificate "D:\myapp.pfx" -certificatePassword "notasecret" -claims $claims  
  29. Write-Host $encToken  
  31. $decToken = (New-Object System.IdentityModel.Tokens.JwtSecurityTokenHandler).ReadToken($encToken)  
  32. $decToken | Format-List  

Configure Environment Variables

Note: This post is part of the BCX Getting Started Guide 3.

After you have downloaded and installed BCX and Pelles C, we can configure BCX or Pelles C to execute in any directory.

Note: In a future post we will discuss creating a Command Prompt shortcut for BCX and Pelles C development, just like the Windows SDK Command Prompt.

For Windows 95 to Windows ME users
Start your favorite text editor and open the file autoexec.bat. Normally, it is located in your root directory of your C drive. If you dual-boot, the location may be different.
Once open, modify the path and add the location of your BCX & Pelles C executables. Because I keep my executables in the C:\Program Files\BCX\bin & C:\Program Files\PellesC\Bin directory, I have my PATH set to C:\Program Files\BCX\bin;C:\Program Files\PellesC\Bin;.

It is normal to see other paths such as c:\windows\command; in your PATH variable. Now close this file and when you restart Windows, BCX and Pelles C will run in any directory.

For Windows NT or Higher Users
In Windows 2000, you will need to bring up the Environment Variables dialog, so do this by pressing down on the Windows key and then press the Pause/Break key.

Now click on the tab labeled Advanced. You should see the "Environment Variables" button. Click that and the Environment Variables dialog will appear.
There should be two frames, one for the current user and the other for the system. Modify the current user by clicking on the variable "Path". Now modify it to point to your BCX and Pelles C directory. It should look the same as the Windows 95 path above, containing the string C:\Program Files\BCX\bin;C:\Program Files\PellesC\Bin;.

Installing BCX

Note: This post is part of the BCX Getting Started Guide 3.

The official BCX distribution package includes examples for Windows GUI, console, dynamic libraries, complete documentation, the BASIC to C translator, and several utilities including a text editor with syntax highlighting.

To get the latest bleeding-edge BCX tools and help files, visit the Yahoo! BCX Discussion Forum. You will need a Yahoo! account and you must be a member of the BCX group to access the files section.
  1. Download and run the BCX installer.
  2. Click the Next > button.
  3. Click the Next > button.
  4. Choose the destination folder, then click the Next > button.
  5. Select Full installation, then click the Next > button.
  6. Click the Next > button.
  7. Click the Next > button.
  8. Click the Install button.
  9. If you do not have LCC-Win32 installed, you may get the error below. You can safely ignore this error and click the OK button.
  10. Click the Finish button.
  11. If you chose to Launch BCX - The Free BASIC To C Translator option, you will see the BCX icon in the system tray. This has shortcuts to various BCX utilities.
  12. Download the BCX 6.8.3 update from the Yahoo! BCX Discussion Forum files section. Extract the BCX683.ZIP file and save the file BC.EXE as C:\Program Files\BCX\Bin\BC.EXE.
  13. Download the BCX Help 6.8.3 update from the Yahoo! BCX Discussion Forum files section. Save the file BCXHelp.chm as C:\Program Files\BCX\Bin\BCXHelp.chm.
  14. Download the Bldbat 3.0.0 update from the Yahoo! BCX Discussion Forum files section. Extract the bld_bat-3.0.0.zip file and save the files BLDBAT.EXE, BSTART.EXE, FTOOL.EXE to C:\Program Files\BCX\Bin\.
  15. Run the file C:\Program Files\BCX\Bin\Bldbat.Exe.
    Note: If you are running Vista or higher with UAC, be sure to right-click Bldbat.exe and Run as administrator. This will ensure you have permission to write to the directory C:\Program Files\BCX\Bin\.
  16. Click the Finish button to generate the files BCXCON.BAT, BCXDLL.BAT, BCXGUI.BAT, PC.BAT, PCALL.BAT, PD.BAT, PDALL.BAT, PW.BAT, PWALL.BAT.

Installing Pelles C

Note: This post is part of the BCX Getting Started Guide 3.

Once BCX converts the BCX BASIC source code to C, it will need to be compiled using a C/C++ compiler. For this guide, we will be using the Pelles C development kit.

Pelles C is a complete development kit for Windows and Windows Mobile. It contains among other things an optimizing C compiler, a macro assembler, a linker, a resource compiler, a message compiler, a make utility and install builders for both Windows and Windows Mobile.
  1. Download and run the Pelles C 6.00 32-bit installer.
  2. Click I accept the terms in the license agreement and click the Next > button.
  3. Click the Next > button.
  4. For install type, select Normal, then click the Next > button.
  5. Choose the destination folder, select Install for all users on this computer, then click the Install > button.
  6. Click the Close button.

BCX Getting Started Guide

Note: This post is part of the BCX Getting Started Guide 3.

It has been over 10 years since the BCX Getting Started Guide has been updated. Instead of having to wait another 10 years for a compiled HTML Help version of the documentation, everything will be made available as posts on this website.

There will be a few tweaks here and there, but there are no new example code. Most of the references for compiling the example code will now refer to the Pelles C Compiler, which is the compiler of choice for BCX. Of course other compatible C/C++ compilers can be used as well, such as the Borland C++ Compiler, Microsoft Visual C++, or LCC-Win32.

Once the guide has been completely updated, a compiled HTML Help version will be made available.

Dialog Converter 3.4

While working on the BCX Getting Started Guide 3, I ran into an issue while compiling the example source code for Dialog Converter against Pelles C. When using Dialog Converter with the /l1 expand function names switch, it defines WinMain as int instead of int WINAPI.

Change log:
- Added return type for WinMain when using /l1 option
- Updated build.bat to use Pelles C instead of LCC-Win32
- Added blank afxres.h for vc example


Didn't pay the bills!

Need to restore code from backups someday. Some of the older code may not be restored. BCX code is available here.

Looking for D-Color XP (mentioned on LifeHacker, Shell Extension City, Softpedia, Windows 100%)? It is available at Softpedia.com.