How can I generate a JWT and sign it with a symmetric key?
You can generate the JWT yourself.
Note that it consists of three parts.
1- **the header** {"alg":"HS512","typ":"JWT"}, which is base64 encoded
2- the payload {" test":" a"}, which is base64 encoded as well
3- the signing key, which is the secret key to sign the JWT
4- the signature, which is header + . + Payload signed by the signing key using HMAC SHA512, as the alg in the header suggests.
The signature follows this signing method:
HMACSHA512(base64UrlEncode(header) + "." + base64UrlEncode(payload), your-512-bit-secret)
You can follow these steps in OB2 or use the JWT block.
And thus, the final result looks like this:
base64(header).base64(payload).signature
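The signing method described in the answer above, written out with Node's built-in crypto module next to the matching server-side check. This is an added example, not part of the original post; the function names, the random secret and the sample payload are assumptions.

```javascript
// Added example (not from the thread): HS512 signing and verification
// with Node's built-in crypto. Function names and sample values are assumptions.
const nodeCrypto = require('node:crypto');

// JWTs use base64url (no padding, '-' and '_'), not plain base64.
const b64url = (text) => Buffer.from(text, 'utf8').toString('base64url');
const hmac512 = (input, secret) =>
  nodeCrypto.createHmac('sha512', secret).update(input).digest();

function signHS512(payload, secret) {
  const header = { alg: 'HS512', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac512(signingInput, secret).toString('base64url')}`;
}

// Returns the payload object for a valid token, otherwise null.
function verifyHS512(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    // Pin the algorithm; never let the token's header choose it.
    if (!header || header.alg !== 'HS512') return null;
    const expected = hmac512(`${h}.${p}`, secret);
    const given = Buffer.from(s, 'base64url');
    // Constant-time compare; lengths must match before timingSafeEqual.
    if (given.length !== expected.length) return null;
    if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Constructed sample: random 512-bit secret, payload modelled on the answer above.
const secret = nodeCrypto.randomBytes(64);
const token = signHS512({ test: 'a' }, secret);
const [head, , sig] = token.split('.');
const altered = `${head}.${b64url('{"test":"b"}')}.${sig}`;

console.log(token);
console.log(verifyHS512(token, secret));                     // payload accepted
console.log(verifyHS512(altered, secret));                   // null: payload changed
console.log(verifyHS512(token, nodeCrypto.randomBytes(64))); // null: wrong key
```

The signature covers the exact encoded header and payload, so any change to either part, or a check made with a different key, fails verification.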
Hi, I’m trying to use the JWT block but can’t figure out what to put in the various sections. Can you explain in detail how to set this block? Thank you.
Where would I find the signing key? HS256 is the algorithm.
You can make it very easily with Node.
First, install Node.js if you do not have it installed.
Second, open cmd in the Scripts folder; if you do not have it, make the folder.
Third, in cmd write this command: npm i jsonwebtoken
And now create a config with that. This is only an example.
```
BLOCK:RandomString
  input = "?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a"
  customCharset = ""
  => VAR @Key
ENDBLOCK
BLOCK:ConstantString
  value = @input.PASS
  => VAR @Pass
ENDBLOCK
BLOCK:ConstantString
  value = @input.USER
  => VAR @User
ENDBLOCK
BLOCK:Script
INTERPRETER:NodeJS
INPUT Key,User,Pass
BEGIN SCRIPT
var jwt = require('jsonwebtoken');
var token = jwt.sign({ Username: User, Password: Pass}, Key);
console.log(token);
END SCRIPT
OUTPUT String @token
ENDBLOCK
```
There is a JWT block you can use too, without using Node JS.
How would I be able to get the secret for the JWT token block?
If it’s HS256 then it’s symmetric, which usually (in websites) means only the server has the key to sign in. You cannot forge that.
Ah ok, it was HS256, pretty sure. What if it isn't, do you have an example of what it would look like?
What about RS512, how would I go about that?
Or can you show an example of using the JWT block?
Read up on how JWT works first: https://jwt.io/
The block is pretty straightforward, you put a (json) payload with the claims, the algo, and the key to sign it.
RS512 needs a password to encrypt the private key. Any info on how to provide that password in the JWT block?
Yes, I know payload & key; it's more of the “extra headers” part in the block. Is it supposed to be blank, or how would you go about that?