A Beginner's Guide to JWTs

hdogan · June 22, 2023, 6:41pm

I tried following steps in Linux. Although, header and payload are not tampered, signature and output doesn’t match. What am I missing?

token="eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiSm9lIENvZGVyIn0.5dlp7GmziL2QS06sZgK4mtaqv0_xX4oFUuTDh1zHK4U"
signature=$(echo $token | cut -f 3 -d '.')
secret_key_in_hex=$(echo -n $signature'=' | basenc -d --base64url | hexdump -ve '/1 "%02x"')
headpay=$(echo $token | cut -f -2 -d '.')
echo -n $headpay | openssl dgst -sha256 -macopt hexkey:${secret_key_in_hex} -mac hmac -binary | basenc --base64url | sed 's/=//'

Post		Replies	Views
Tutorial: Create and Verify JWTs in Java Developer Blog Comments	8	3777	July 8, 2021
Okta AS Keys mismatch what jwt.io reports Questions	2	3647	February 8, 2024
Simple Token Authentication for Java Apps Developer Blog Comments	7	3168	March 8, 2022
Token RSA public key from modulus Questions	2	3858	June 27, 2021
Decode JWTs in C# for Authorization Developer Blog Comments	3	2930	August 10, 2021

A Beginner's Guide to JWTs

Related topics