[Feature Request] RFC 7518 JSON Web Tokens (JWTs)

Hi folks,

I'm a software engineer working to help out with the Google Home Hubitat Community Integration. In particular, I'd like to contribute a few important features (Report State and Local Fulfillment).

These features depend on RFC 7518 JSON Web Tokens (JWTs). Google's version of JWTs requires support for RSA or ECDSA encryption, neither of which seem to be possible with the current Groovy bindings available to Hubitat apps.

I'd like to request support for JWTs, ideally with one of the existing Java libraries for JWT, e.g. jjwt, Jose4j, java-jwt, etc.


+1 for this request. JWT is a widely-used standard that is likely applicable to other apps outside of Google Home as well.

Even just whitelisting the java.security.Signature and java.util.Base64 classes for use by apps would allow JWT signing and verification. Including a full-fledged JWT library like jose4j would be ideal though.


I will add my +1 for this as well.

1 Like

I think Groovy might have support for Base64 as an extension on its bytes type (I can't seem to include links, but I found it on a web search for "groovy gdk base64").

No idea yet if that's filtered out or not. Regardless, we'd also need RSA or ECDSA signatures.

Maybe something @gopher.ny can consider...


Any thoughts on this, Hubitat folks? Should I repost this to the Developers category?

What use scenarios are you looking at?
We use Nimbus JOSE+JWT internally, but it will have to go through an additional security review if it is going to be exposed to apps/drivers. Which means it will definitely not be in 2.2.7.

1 Like

Google's Smart Home APIs use JWTs to allow Hubitat to push updates to their servers (rather than requiring Google's servers to repeatedly fetch data from Hubitat). Google calls this API "Report State".

We'd like to add this push feature to the open source Google Home Community Integration, but the required RSA/ECDSA APIs are not exposed to Groovy right now.

Nimbus JOSE+JWT would be perfect for us. No rush on getting it into 2.2.7. Really appreciate you taking a look!

More folks are asking for the ability to have the open source Google Home Community Integration to be able to push updates to Google.

It'd be awesome if Nimbus JOSE+JWT could be added to the Groovy allowlist to unblock this.

Download the Hubitat app