properly formed jwt token

.gitignore

@@ -11,4 +11,5 @@ docker-compose.yml
 *-linux
 *-macos
 *-win.exe
-substreams-sink-webhook
+substreams-sink-webhook
+*.pem

src/signature/signMessage.bench.ts

@@ -56,7 +56,7 @@ const sig =
 const msg = Buffer.from(timestamp + body);
 
 group("signMessage", () => {
-  bench("ed25519.signMessage", () => signer("ed25519").signMessage(timestamp, body, secretKey));
+  bench("ed25519.signMessage", () => signer("ed25519").signMessage(timestamp + body, secretKey));
   bench("ed25519.verify", () => signer("ed25519").verify(msg, sig, publicKey));
 });
 

src/signature/signature-ed25519.ts

@@ -10,9 +10,8 @@ export const ed25519Signer: Signer = {
     };
   },
 
-  signMessage(timestamp, body, secretKey) {
-    const msg = Buffer.from(timestamp + body);
-    const signed = nacl.sign.detached(msg, Buffer.from(secretKey, "hex"));
+  signMessage(_, body, secretKey) {
+    const signed = nacl.sign.detached(Buffer.from(body), Buffer.from(secretKey, "hex"));
     return Buffer.from(signed).toString("hex");
   },
 

src/signature/signature-jwt.ts

@@ -26,10 +26,18 @@ export const jwtSigner: Signer = {
     };
   },
 
-  async signMessage(timestamp, body, secretKey) {
+  async signMessage(_, body, secretKey) {
     const key = await loadPEMKey("PRIVATE", secretKey);
-    const signature = await subtle.sign("RSASSA-PKCS1-v1_5", key, Buffer.from(timestamp + body));
-    return Buffer.from(signature).toString("base64");
+
+    const header = JSON.stringify({ alg: "RSASSA-PKCS1-v1_5", typ: "JWT" });
+    const headerStr = Buffer.from(header).toString("base64url");
+    const payload = Buffer.from(body).toString("base64url");
+
+    const contents = headerStr + "." + payload;
+    const signature = await subtle.sign("RSASSA-PKCS1-v1_5", key, Buffer.from(contents));
+    const signatureStr = Buffer.from(signature).toString("base64url");
+
+    return contents + "." + signatureStr;
   },
 
   async verify(message, signature, publicKey) {