Last active
February 21, 2024 14:47
-
-
Save corbanb/db03150abbe899285d6a86cc480f674d to your computer and use it in GitHub Desktop.
JWT tokenize - Postman Pre-Request Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function base64url(source) { | |
// Encode in classical base64 | |
encodedSource = CryptoJS.enc.Base64.stringify(source); | |
// Remove padding equal characters | |
encodedSource = encodedSource.replace(/=+$/, ''); | |
// Replace characters according to base64url specifications | |
encodedSource = encodedSource.replace(/\+/g, '-'); | |
encodedSource = encodedSource.replace(/\//g, '_'); | |
return encodedSource; | |
} | |
function addIAT(request) { | |
var iat = Math.floor(Date.now() / 1000) + 257; | |
data.iat = iat; | |
return data; | |
} | |
var header = { | |
"typ": "JWT", | |
"alg": "HS256" | |
}; | |
var data = { | |
"fname": "name", | |
"lname": "name", | |
"email": "email@domain.com", | |
"password": "abc123$" | |
}; | |
data = addIAT(data); | |
var secret = 'myjwtsecret'; | |
// encode header | |
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header)); | |
var encodedHeader = base64url(stringifiedHeader); | |
// encode data | |
var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data)); | |
var encodedData = base64url(stringifiedData); | |
// build token | |
var token = encodedHeader + "." + encodedData; | |
// sign token | |
var signature = CryptoJS.HmacSHA256(token, secret); | |
signature = base64url(signature); | |
var signedToken = token + "." + signature; | |
postman.setEnvironmentVariable("payload", signedToken); |
didnt work secret for google JWT
i trying RS256 this one generated by your prescript:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7w
and this one by jwt.io:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJh
third part of secret is not the same. can you help with this?
JWT.io says for secret
RSASHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload)I am facing the same hurdle. any solution to overcome this?
I am also facing the same issue. Has anyone found a solution to this?
In my case changed secret to base64 worked perfectly. Those who are facing problem can try this out
var signature = CryptoJS.HmacSHA256(token, CryptoJS.enc.Base64.parse(secret));
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am facing the same hurdle. any solution to overcome this?