-
-
Save corbanb/db03150abbe899285d6a86cc480f674d to your computer and use it in GitHub Desktop.
| function base64url(source) { | |
| // Encode in classical base64 | |
| encodedSource = CryptoJS.enc.Base64.stringify(source); | |
| // Remove padding equal characters | |
| encodedSource = encodedSource.replace(/=+$/, ''); | |
| // Replace characters according to base64url specifications | |
| encodedSource = encodedSource.replace(/\+/g, '-'); | |
| encodedSource = encodedSource.replace(/\//g, '_'); | |
| return encodedSource; | |
| } | |
| function addIAT(request) { | |
| var iat = Math.floor(Date.now() / 1000) + 257; | |
| data.iat = iat; | |
| return data; | |
| } | |
| var header = { | |
| "typ": "JWT", | |
| "alg": "HS256" | |
| }; | |
| var data = { | |
| "fname": "name", | |
| "lname": "name", | |
| "email": "email@domain.com", | |
| "password": "abc123$" | |
| }; | |
| data = addIAT(data); | |
| var secret = 'myjwtsecret'; | |
| // encode header | |
| var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header)); | |
| var encodedHeader = base64url(stringifiedHeader); | |
| // encode data | |
| var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data)); | |
| var encodedData = base64url(stringifiedData); | |
| // build token | |
| var token = encodedHeader + "." + encodedData; | |
| // sign token | |
| var signature = CryptoJS.HmacSHA256(token, secret); | |
| signature = base64url(signature); | |
| var signedToken = token + "." + signature; | |
| postman.setEnvironmentVariable("payload", signedToken); |
var jwtSecret = xxxx
var app_key=yyyy
// Set headers for JWT
var header = {
'alg': 'HS256'
};
// Prepare timestamp in seconds
var currentTimestamp = Math.floor(Date.now() / 1000)
var data = {
'iss': app_key,
'iat': currentTimestamp,
}
function base64url(source) {
// Encode in classical base64
encodedSource = CryptoJS.enc.Base64.stringify(source)
// Remove padding equal characters
encodedSource = encodedSource.replace(/=+$/, '')
// Replace characters according to base64url specifications
encodedSource = encodedSource.replace(/\+/g, '-')
encodedSource = encodedSource.replace(/\//g, '_')
return encodedSource
}
// encode header
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header))
var encodedHeader = base64url(stringifiedHeader)
// encode data
var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data))
var encodedData = base64url(stringifiedData)
// build token
var token = ${encodedHeader}.${encodedData}
// sign token
var signature = CryptoJS.HmacSHA256(token, jwtSecret)
signature = base64url(signature)
var signedToken = ${token}.${signature}
pm.environment.set('jwt', signedToken)
'
this error :
`Array
(
[error] => stdClass Object
(
[status] => 1
[message] => Headers missing or invalid.
)
[status_code] => 401
)`
thanks for this code snippet ;)
This was helpful. I am curious though, what is the reasoning for + 257 on line 16?
didnt work secret for google JWT
i trying RS256
this one generated by your prescript:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7wand this one by jwt.io:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJhthird part of secret is not the same.
can you help with this?JWT.io says for secret
RSASHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload)
I am trying to RS256 too.
could you share the script ? thanks.
thanks for this code snippet ;)
didnt work secret for google JWT
i trying RS256 this one generated by your prescript:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7wand this one by jwt.io:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJhthird part of secret is not the same. can you help with this?
JWT.io says for secret
RSASHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload)
I am facing the same hurdle. any solution to overcome this?
didnt work secret for google JWT
i trying RS256 this one generated by your prescript:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7wand this one by jwt.io:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJhthird part of secret is not the same. can you help with this?
JWT.io says for secret
RSASHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload)I am facing the same hurdle. any solution to overcome this?
I am also facing the same issue. Has anyone found a solution to this?
In my case changed secret to base64 worked perfectly. Those who are facing problem can try this out
var signature = CryptoJS.HmacSHA256(token, CryptoJS.enc.Base64.parse(secret));
didnt work secret for google JWT
i trying RS256
this one generated by your prescript:
and this one by jwt.io:
third part of secret is not the same.
can you help with this?
JWT.io says for secret
RSASHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload)