Creating a JWT token in script using java cyrpto packages

hamzaathar · ‎06-12-2025

I have created a script include to generate JWT tokens for authorization purposes on a separately hosted web app.

The script include is in the global scope and accessible to all applications.

I am getting an "Illegal attempt to access class 'javax.crypto.Mac' via script" error when running the script include.

Code snippet:

signHMACSHA256: function(data, secret) {
        var mac = new Packages.javax.crypto.Mac.getInstance("HmacSHA256");
        var secretKey = new Packages.javax.crypto.spec.SecretKeySpec(secret.getBytes(), "HmacSHA256");
        mac.init(secretKey);
        var rawHmac = mac.doFinal(new java.lang.String(data).getBytes());
        return GlideStringUtil.base64Encode(rawHmac).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
    },

Any solutions to access this package? Or alternate solutions to generating JWT.

Abbas_5 · ‎06-12-2025

Hello @hamzaathar,

Please refer to the below link's:
https://www.servicenow.com/docs/de-DE/bundle/vancouver-platform-security/page/administer/security/co...

OR
https://www.youtube.com/watch?v=nx_4qgTRDFE

If this is helpful, please hit the thumbs up button and accept the correct solution by referring to this solution in future it will be helpful to them.

Thanks & Regards,

Abbas Shaik

View solution in original post

Abbas_5 · ‎06-12-2025