Last active
July 9, 2023 04:42
-
-
Save mustafaturan/12e7e5c3a170328d37e511795cb3aecd to your computer and use it in GitHub Desktop.
Postman Script for JWT with MD5 request body
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var removeIllegalCharacters = function(input) { | |
return input | |
.replace(/=/g, '') | |
.replace(/\+/g, '-') | |
.replace(/\//g, '_'); | |
}; | |
var base64object = function(input) { | |
var inputWords = CryptoJS.enc.Utf8.parse(JSON.stringify(input)); | |
var base64 = CryptoJS.enc.Base64.stringify(inputWords); | |
var output = removeIllegalCharacters(base64); | |
return output; | |
}; | |
var clientKey = postman.getEnvironmentVariable('client_key'); | |
var clientSecret = postman.getEnvironmentVariable('client_secret'); | |
var url = request.url; | |
var slashIndex = url.toLowerCase().startsWith('http') ? 8 : 0; | |
var path = url.substring(url.indexOf('/', slashIndex), url.length); | |
var exp = Date.now() + 15000; | |
var nbf = Date.now() + 5000; | |
var mth = request.method; | |
var data = ""; | |
if(Object.keys(request.data).length !== 0) { | |
data = request.data; | |
} | |
var jti = CryptoJS.MD5(data).toString(); | |
var header = { 'alg': 'HS256', 'typ': 'JWT' }; | |
var payload = { 'exp': exp, 'nbf': nbf, 'iss': clientKey, 'jti': jti }; | |
var unsignedToken = base64object(header) + "." + base64object(payload); | |
var signatureHash = CryptoJS.HmacSHA256(unsignedToken, clientSecret); | |
var signature = CryptoJS.enc.Base64.stringify(signatureHash); | |
var token = unsignedToken + '.' + signature; | |
postman.setGlobalVariable('jwt_token', removeIllegalCharacters(token)); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment