This year-old thread, "Connect apex and Google API using JWT to retrieve Oauth 2.0 token", was started before the Crypto class included the 'RSA-SHA256' signing algorithm. Now that this algorithm is available, has anyone got this flow to work, initiating it from Apex code?
The documentation says:
RSA-SHA256 is an RSA signature of a SHA256 hash
The Salesforce OAuth 2.0 JWT Bearer Token Flow sample code uses a Java 'SHA256withRSA' that some Googling suggests is similar but may not be the same.
My current attempts result in a response "invalid assertion". This may be a programming error on my part but I am concerned that it may also be a signing algorithm mismatch.
Best Answer
I now have this working for the specific case of connecting back to Salesforce from Salesforce. So essentially it is a port of the Java sample code to Apex. So it appears that Apex's RSA-SHA256 is indeed equivalent to Java's SHA256withRSA.
Steps to get this to work were also:
In terms of using this protocol to connect to other identity providers such as Google, the (draft) spec says that:
The Crypto.generateMac method appears to support hmacSHA256 (alg "HS256" in JWT) so that might be the right choice in some cases.
PS
The Apex code is posted here: An Apex implementation of the OAuth 2.0 JWT Bearer Token Flow.
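As an added example (not the Apex code the answer links to, and not Salesforce's sample), here is the same assertion built and checked in Go, chosen because its standard library has RSASSA-PKCS1-v1_5 built in. The point it demonstrates is the one the question and answer turn on: JWT `RS256` is PKCS#1 v1.5 padding over a SHA-256 digest of the ASCII `header.claims` string, which is what Java's `SHA256withRSA` computes and what the answer found Apex's `RSA-SHA256` to be equivalent to. The verifier side shows why a padding, key or byte mismatch comes back as "invalid assertion", and the HS256 builder shows the `hmacSHA256` alternative mentioned above is not interchangeable with it. The consumer key and username are constructed placeholders; the key pair is generated on the fly in place of the private key behind the connected app's certificate.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims are the registered claims the Salesforce JWT bearer flow reads.
type Claims struct {
	Iss string `json:"iss"` // connected app consumer key (placeholder in this example)
	Sub string `json:"sub"` // Salesforce username the token will act as
	Aud string `json:"aud"` // login.salesforce.com or test.salesforce.com
	Exp int64  `json:"exp"` // Unix seconds; the endpoint rejects assertions past this
}

// b64url is the JWT encoding: URL-safe alphabet, no '=' padding.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// GenerateKey makes a throwaway RSA key pair standing in for the private key
// behind the certificate uploaded to the connected app.
func GenerateKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// signingInput returns base64url(header) + "." + base64url(claims) for alg.
func signingInput(alg string, c Claims) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	return b64url([]byte(`{"alg":"`+alg+`","typ":"JWT"}`)) + "." + b64url(body), nil
}

// BuildRS256Assertion signs the ASCII signing input with RSASSA-PKCS1-v1_5
// over SHA-256: the primitive Java calls SHA256withRSA and JWT calls RS256.
func BuildRS256Assertion(key *rsa.PrivateKey, c Claims) (string, error) {
	in, err := signingInput("RS256", c)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(in))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return in + "." + b64url(sig), nil
}

// VerifyRS256Assertion does what the token endpoint does with the public key
// from the connected app's certificate: re-hash the first two segments, check
// the PKCS#1 v1.5 signature, then read and time-check the claims. A wrong key,
// a different padding scheme or any edited byte fails here.
func VerifyRS256Assertion(pub *rsa.PublicKey, assertion string, now time.Time) (Claims, error) {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return Claims{}, fmt.Errorf("invalid assertion: expected 3 segments, got %d", len(parts))
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return Claims{}, fmt.Errorf("invalid assertion: %w", err)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return Claims{}, fmt.Errorf("invalid assertion: %w", err)
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return Claims{}, fmt.Errorf("invalid assertion: %w", err)
	}
	var c Claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return Claims{}, fmt.Errorf("invalid assertion: %w", err)
	}
	if now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("invalid assertion: expired at %d", c.Exp)
	}
	return c, nil
}

// BuildHS256Assertion is the shared-secret variant (JWT alg HS256, what
// Crypto.generateMac('hmacSHA256', ...) computes in Apex). Its 32-byte MAC
// is not an RSA signature, so an RS256 verifier rejects it.
func BuildHS256Assertion(secret []byte, c Claims) (string, error) {
	in, err := signingInput("HS256", c)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(in))
	return in + "." + b64url(mac.Sum(nil)), nil
}

func main() {
	key, _ := GenerateKey(2048)
	// Constructed sample claims; consumer key and username are placeholders.
	c := Claims{Iss: "CONSUMER_KEY", Sub: "user@example.com",
		Aud: "https://login.salesforce.com", Exp: time.Now().Add(3 * time.Minute).Unix()}
	assertion, _ := BuildRS256Assertion(key, c)
	got, err := VerifyRS256Assertion(&key.PublicKey, assertion, time.Now())
	fmt.Println(assertion, "\nverified:", got, err)
}
```

The string returned by `BuildRS256Assertion` is what goes in the `assertion` form field of the POST to the token endpoint, alongside `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer`. If a port to Apex still gets "invalid assertion", the usual causes are the ones this verifier rejects in order: standard base64 (with `+`, `/` or `=`) instead of base64url in any segment, a signature over something other than the exact `header.claims` bytes, a key that does not match the uploaded certificate, or an `exp` already in the past.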