Idea Summary

Many REST APIs requires RS256 for JWT signatures. Recently, Oracle APEX introduces type Key Pair to store Public/Private key as Web Credentials.

However, there is no way to use it to generate signature to create RS256 JWT at this moment.

If sign procedure is provided, RS256 JWT can be generated without security concern of Private Key.

Use Case

Some Google API requires RS256 JWT (Service Account) to generate access token. Not only Google, many services requires RS256 JWT or RSA signature to access their service.

Preferred Solution (Optional)

At a minimum, a wrapper of DBMS_CRYPTO.SIGN like below would work.

APEX_CRYPTO.SIGN(
    src IN RAW,
    p_credential_static_id in varchar2,
    pubkey_alg IN BINARY_INTEGER,
    sign_alg IN BINARY_INTEGER)
RETURN RAW;