
JWT

To create a JSON Web Token (JWT) for Salesforce on Kali Linux, you can follow the steps below. Kali Linux is a Debian-based Linux distribution, so the process is similar to other Linux environments. You will use tools like OpenSSL for key generation and a programming language (e.g., Python) to generate the JWT.


Step 1: Install Required Tools

Ensure you have the necessary tools installed on Kali Linux:

  1. OpenSSL:

    • OpenSSL is pre-installed on Kali Linux. Verify by running:

      openssl version
    • If not installed, use:

      sudo apt update
      sudo apt install openssl
  2. Python:

    • Python is pre-installed on Kali Linux. Verify by running:

      python3 --version
    • If not installed, use:

      sudo apt update
      sudo apt install python3
  3. Python Libraries:

    • Install the PyJWT library for generating JWTs. Signing with RS256 also needs the cryptography package, which the crypto extra pulls in; if pip refuses because the system Python is externally managed, run the same command inside a virtual environment (python3 -m venv):

      pip3 install "pyjwt[crypto]"

Step 2: Generate a Private-Public Key Pair

Use OpenSSL to generate the private and public keys:

  1. Generate Private Key:

    openssl genrsa -out private.key 2048
  2. Generate Public Key:

    openssl rsa -in private.key -pubout -out public.key
  3. Verify Keys:

    • View the private key:

      cat private.key
    • View the public key:

      cat public.key
  4. Upload Public Key to Salesforce:

    • Log in to Salesforce and navigate to Setup > App Manager > Select your Connected App > Edit Policies > Upload the public key under Certificate and Key Management.

Step 3: Create the JWT Using Python

Use Python to generate the JWT. Below is the Python script:

Python Script (generate_jwt.py)

import jwt  # PyJWT; RS256 signing also needs the cryptography package (pip3 install "pyjwt[crypto]")
import time

# Define the private key: paste the full contents of private.key exactly as OpenSSL wrote it.
# Both PEM headers are accepted: "BEGIN RSA PRIVATE KEY" (PKCS#1) and "BEGIN PRIVATE KEY"
# (PKCS#8, which OpenSSL 3.x emits by default).
private_key = """
-----BEGIN RSA PRIVATE KEY-----
YOUR_PRIVATE_KEY_HERE
-----END RSA PRIVATE KEY-----
"""

# Define the JWT payload (the claims Salesforce checks in the JWT bearer flow)
payload = {
    "iss": "YOUR_CONSUMER_KEY",  # Consumer Key from Salesforce Connected App
    "sub": "YOUR_SALESFORCE_USERNAME",  # Salesforce username
    "aud": "https://login.salesforce.com",  # Use https://test.salesforce.com for sandbox
    "exp": int(time.time()) + 300  # Token expiration time (5 minutes from now)
}

# Generate the JWT, signed with RS256 (RSA + SHA-256); PyJWT 2.x returns a str
token = jwt.encode(payload, private_key, algorithm="RS256")
print("Generated JWT:")
print(token)

Steps to Run the Script

  1. Save the script as generate_jwt.py.
  2. Run the script:

    python3 generate_jwt.py
  3. The script will output the JWT token.

Step 4: Use the JWT to Obtain an Access Token

Send the JWT to Salesforce using curl to obtain an access token.

Example Command

curl -X POST https://login.salesforce.com/services/oauth2/token \
  -d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
  -d "assertion=YOUR_JWT"

Replace YOUR_JWT with the JWT generated in the previous step.

Example Response

{
  "access_token": "00Dxx0000000000!AQEAQI...",
  "instance_url": "https://yourInstance.salesforce.com",
  "id": "https://login.salesforce.com/id/00Dxx0000000000/005xx000001Sv6e",
  "token_type": "Bearer",
  "issued_at": "1693142400",
  "signature": "abcdef123456..."
}

Step 5: Use the Access Token

Use the access_token to make authenticated API requests to Salesforce.

Example API Request

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     https://yourInstance.salesforce.com/services/data/v57.0/sobjects/Account

Troubleshooting

  1. Invalid Grant Error:

    • Ensure the sub field matches the Salesforce username.
    • Ensure the aud field matches the correct Salesforce environment (login.salesforce.com or test.salesforce.com).
  2. Expired Token:

    • Ensure the exp field is set to a future time (e.g., 5 minutes from now).
  3. Invalid Signature:

    • Ensure the private key matches the public key uploaded to Salesforce.
  4. Debugging:

    • Use verbose mode in curl to debug:

      curl -v -X POST https://login.salesforce.com/services/oauth2/token \
        -d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
        -d "assertion=YOUR_JWT"
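As an added example (not part of the original page), a stdlib-only pre-flight checker that decodes the assertion produced by generate_jwt.py and applies the checks from the troubleshooting list above (alg, iss, sub, aud, exp) before the token is sent to Salesforce. The make_sample_token helper builds a constructed token with a placeholder signature for local testing; the consumer key and username used with it are placeholders, and the checker inspects claims only, not the RSA signature.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def preflight_check(token, consumer_key, username, audience, now=None, max_lifetime=300):
    """Inspect an assertion before sending it; returns a list of problems (empty means it looks right)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have exactly three dot-separated segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # raised for both malformed base64 and malformed JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["header and payload must both be JSON objects"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is %r; the Salesforce JWT bearer flow expects RS256" % header.get("alg"))
    if payload.get("iss") != consumer_key:
        problems.append("iss does not match the Connected App consumer key")
    if payload.get("sub") != username:
        problems.append("sub does not match the Salesforce username")
    if payload.get("aud") != audience:
        problems.append("aud is %r, expected %r (login vs. test endpoint)" % (payload.get("aud"), audience))
    exp = payload.get("exp")
    if not isinstance(exp, int):
        problems.append("exp is missing or not an integer timestamp")
    elif exp <= now:
        problems.append("exp is in the past; regenerate the token")
    elif exp - now > max_lifetime:
        problems.append("exp is more than %d seconds out; keep assertions short-lived" % max_lifetime)
    if not parts[2]:
        problems.append("signature segment is empty")
    return problems

def make_sample_token(payload):
    # Constructed sample with a placeholder signature: this checker inspects claims, not the RSA signature
    header = {"alg": "RS256", "typ": "JWT"}
    segs = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, payload)]
    return ".".join(segs + [b64url_encode(b"placeholder-signature")])
```

Salesforce verifies the RS256 signature against the uploaded key; to check it locally as well, PyJWT's jwt.decode(token, public_key, algorithms=["RS256"], audience=...) performs the same claim checks plus signature verification.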
