These features depend on RFC 7518JSON Web Tokens (JWTs). Google's version of JWTs requires support for RSA or ECDSA encryption, neither of which seem to be possible with the current Groovy bindings available to Hubitat apps.
+1 for this request. JWT is a widely-used standard that is likely applicable to other apps outside of Google Home as well.
Even just whitelisting the java.security.Signature and java.util.Base64 classes for use by apps would allow JWT signing and verification. Including a full-fledged JWT library like jose4j would be ideal though.
I think Groovy might have support for Base64 as an extension on its bytes type (I can't seem to include links, but I found it on a web search for "groovy gdk base64").
No idea yet if that's filtered out or not. Regardless, we'd also need RSA or ECDSA signatures.
What use scenarios are you looking at?
We use Nimbus JOSE+JWT internally, but it will have to go through an additional security review if it is going to be exposed to apps/drivers. Which means it will definitely not be in 2.2.7.
It's super close to what we need, but there are two classes I think need to be added to the allowlist still:
JWTHeader.Builder
JWTClaimsSet.Builder
I wasn't able to find a workaround to use SignedJWT without these two classes being allowlisted. I also messaged @gopher.ny to thank him and let him know there were two classes missing from the allowlist.
Yay! I got things more or less working with Hubitat 2.2.9.131 and implemented the async Report State API using JWT authentication for the Google Home Community Integration:
It's still fairly manual to get the Service Account JSON from Google and convert it to the JWK format which the old version of Nimbus JOSE+JWK included in Hubitat needs.. but it's a start.