Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
JWT tokenize - Postman Pre-Request Script
function base64url(source) {
// Encode in classical base64
encodedSource = CryptoJS.enc.Base64.stringify(source);
// Remove padding equal characters
encodedSource = encodedSource.replace(/=+$/, '');
// Replace characters according to base64url specifications
encodedSource = encodedSource.replace(/\+/g, '-');
encodedSource = encodedSource.replace(/\//g, '_');
return encodedSource;
}
function addIAT(request) {
var iat = Math.floor(Date.now() / 1000) + 257;
data.iat = iat;
return data;
}
var header = {
"typ": "JWT",
"alg": "HS256"
};
var data = {
"fname": "name",
"lname": "name",
"email": "email@domain.com",
"password": "abc123$"
};
data = addIAT(data);
var secret = 'myjwtsecret';
// encode header
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
var encodedHeader = base64url(stringifiedHeader);
// encode data
var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data));
var encodedData = base64url(stringifiedData);
// build token
var token = encodedHeader + "." + encodedData;
// sign token
var signature = CryptoJS.HmacSHA256(token, secret);
signature = base64url(signature);
var signedToken = token + "." + signature;
postman.setEnvironmentVariable("payload", signedToken);
@lmiol

This comment has been minimized.

Copy link

lmiol commented Mar 20, 2019

didnt work secret for google JWT

i trying RS256
this one generated by your prescript:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ
.
eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9
.
ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7w

and this one by jwt.io:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ
.
eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9
.
Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJh

third part of secret is not the same.
can you help with this?

JWT.io says for secret

RSASHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.