-
-
Save corbanb/db03150abbe899285d6a86cc480f674d to your computer and use it in GitHub Desktop.
function base64url(source) { | |
// Encode in classical base64 | |
encodedSource = CryptoJS.enc.Base64.stringify(source); | |
// Remove padding equal characters | |
encodedSource = encodedSource.replace(/=+$/, ''); | |
// Replace characters according to base64url specifications | |
encodedSource = encodedSource.replace(/\+/g, '-'); | |
encodedSource = encodedSource.replace(/\//g, '_'); | |
return encodedSource; | |
} | |
function addIAT(request) { | |
var iat = Math.floor(Date.now() / 1000) + 257; | |
data.iat = iat; | |
return data; | |
} | |
var header = { | |
"typ": "JWT", | |
"alg": "HS256" | |
}; | |
var data = { | |
"fname": "name", | |
"lname": "name", | |
"email": "[email protected]", | |
"password": "abc123$" | |
}; | |
data = addIAT(data); | |
var secret = 'myjwtsecret'; | |
// encode header | |
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header)); | |
var encodedHeader = base64url(stringifiedHeader); | |
// encode data | |
var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data)); | |
var encodedData = base64url(stringifiedData); | |
// build token | |
var token = encodedHeader + "." + encodedData; | |
// sign token | |
var signature = CryptoJS.HmacSHA256(token, secret); | |
signature = base64url(signature); | |
var signedToken = token + "." + signature; | |
postman.setEnvironmentVariable("payload", signedToken); |
didnt work secret for google JWT
i trying RS256 this one generated by your prescript:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . ZaCoMgyjg85nlOgm_dg7ydMe5aZwdR6fj_I5VRKZT7w
and this one by jwt.io:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI5IjkzYzA1ZWQ2NTc4NDRiYWM1ZjBmZGFmYTFhZThjMTdlNjFiZjU4ZDAifQ . eyJpc2MiOiJ2YWluZ2xvcnktbG9yZS10ZXN0MkB2YWluZ2xvcnktbG9yZS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InZhaW5nbG9yeS1sb3JlLXRlc3QyQHZhaW5nbG9yeS1sb3JlLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiYXVkIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3Y0L3Rva2VuIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2RldnN0b3JhZ2UucmVhZF9vbmx5IiwiaWF0IjoxNTUzMDk2ODc0LCJleHAiOjE1NTMxMDA0NzR9 . Y3-ftstpQEyXHFwtanyIyMFBmqdxr5GMWvLlOtuyzwdFzfOQK4sbfkVYejPQQdnxNH3Ve-PzKMtNO80-djODCKkMk-ZRtyQpidpAS89TNYoGBoGz6N1Ojg84GFdTb15W96-QINPG2MxIk43Ccshjs2VvTyvwG8T2Xo-b8i91t0_z-Q_GgsDSlaJuS0L-bd0ve8sL3wqgp3BXodh0XqpZ5_6_3JbecJAwLCrlNoK8WcwOAi5519Ef9FR_pJJFmu5Oi_jzPAzMqo_13FAe-ej9moy4k3EC45kevwiLDnIBkU2n76f5djjdTrI5UxwtUOkgLg_emYVURzFf5rDSZ_ESJh
third part of secret is not the same. can you help with this?
JWT.io says for secret
RSASHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload)I am facing the same hurdle. any solution to overcome this?
I am also facing the same issue. Has anyone found a solution to this?
In my case changed secret to base64 worked perfectly. Those who are facing problem can try this out
var signature = CryptoJS.HmacSHA256(token, CryptoJS.enc.Base64.parse(secret));
reference this:
https://www.postman.com/postman/workspace/postman-team-collections/request/8140651-fa914e7e-362a-4698-8a5a-0c81dfebf5f9?tab=scripts
`var navigator = {};
var window = {};
eval(pm.environment.get("jsrsasign-js"));
var scope = pm.environment.get('scope');
var iss = pm.environment.get('iss');
var privateKey = pm.environment.get('privateKey');
const header = {"alg" : "RS256", "typ" : "JWT"};
const claimSet =
{
"iss": iss,
"scope": scope ,
"aud":"https://oauth2.googleapis.com/token",
"exp":KJUR.jws.IntDate.get("now + 1hour").toString(),
"iat": KJUR.jws.IntDate.get("now").toString()
}
console.log(header: ${ JSON.stringify(header)}
);
console.log(claim set: ${ JSON.stringify(claimSet) }
);
console.log(Private Key: ${ privateKey }
);
// let jws = new KJUR.jws.JWS();
var jwt = KJUR.jws.JWS.sign(null, header, claimSet, privateKey);
console.log(jwt);
pm.environment.set('jwt', jwt);`
I am facing the same hurdle. any solution to overcome this?