How to encode/decode jwt token in Oldes/Rebol3 #72
-
Hello, I am looking for some library to encode and decode JWT token in order to manage and secure authentication and authorization between client and the server running Oldes/Rebol3. I have been unable to find how to encrypt data with Rebol3 by specifying the algorithm to use (e.g. HS256, RS256, SHA256, etc...). Thank you for your help. François
Replies: 6 comments 1 reply
-
Hi Francois,
I may look at it, but I am now out of keyboard on a mountain trail.
It would help if you would provide some links to documentation because I am
not familiar with it.
Your mentioned algorithms are not implemented in current Rebol, but if
there are available C sources, it would not be a problem to add them.
O.
…On Tue, May 16, 2023, 12:12 François Vanzeveren ***@***.***> wrote:
Hello,
I am looking for some library to encode and decode JWT token in order to
manage and secure authentication and authorization between client and the
server running Oldes/Rebol3.
I have been unable to find how to encrypt data with Rebol3 by specifying
the algorithm to use (e.g. HS256, RS256, SHA156, etc...)
Thank you for your help.
François
-
Hello Oldes There are indeed several libraries in C: This would be great if you could implement this for Rebol3! Thank you! François
-
Here is code which you can use for a simple encoding:

```rebol
jwt: context [
    base64UrlEncode: func[data [string! binary! map!]][
        ;; maps are serialized to JSON before being encoded
        if map? data [data: to-json data]
        data: enbase/flat/url data 64
        trim/with data #"=" ;@@ https://github.com/Oldes/Rebol-issues/issues/2548
    ]
    header: #(
        alg: "HS256"
        typ: "JWT"
    )
    set 'encode-jwt func[
        payload [map! string!]
        secret  [string!]
        /local data signature
    ][
        ;; signing input is the encoded header and payload joined with a dot
        data: ajoin [base64UrlEncode header #"." base64UrlEncode payload]
        ;; keyed SHA256 checksum (HMAC) of the signing input
        signature: checksum/with data 'SHA256 :secret
        ajoin [data #"." base64UrlEncode signature]
    ]
]
payload: #(
    sub: "1234567890"
    name: "John Doe"
    iat: 1516239022
)
secret: "your-256-bit-secret"
encode-jwt :payload :secret
;== {eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c}
```
-
To get a signature using RSA, you can use something like:

```rebol
key: decode 'ssh-key to binary! {
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
}
data: to binary! ajoin ["eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9." base64UrlEncode payload]
signature: rsa/sign :key :data
```
-
Thank you very much Oldes! Cheers! François
-
Here is an example of how to decode a JWT token signed using the HMAC checksums.

```rebol
decode-jwt: func[token secret /local header payload signature part method][
    try/except [
        parse token [
            copy header  to #"." skip (header:  decode 'json debase/url header  64)
            copy payload to #"."      (payload: decode 'json debase/url payload 64)
            part: ;; used to limit checksum to be counted only on header and payload
            skip  ;; the dot
            copy signature to end (signature: debase/url signature 64)
        ]
        method: select [
            "HS256" SHA256
            "HS384" SHA384
            "HS512" SHA512
            "none"  'None
        ] header/alg
    ][
        print as-red "Failed to decode JWT token!"
        exit
    ]
    unless method [
        print as-red "Unsupported method!"
        exit
    ]
    if method = 'None [
        print as-red "Not signed JWT!"
        return payload ;; or throw an error!
    ]
    either signature = checksum/part/with token method :part :secret [
        payload
    ][  print as-red "Failed to validate signature!" ]
]
token-hs256: {eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c}
token-hs512: {eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.VFb0qJ1LRg_4ujbZoRMXnVkUgiuKq5KxWqNdbKq_G9Vvz-S1zZa9LPxtHWKa64zDl2ofkT8F6jBt_K4riU-fPg}
decode-jwt :token-hs256 "your-256-bit-secret"
decode-jwt :token-hs512 "your-512-bit-secret"
```
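The same HMAC check as the decode-jwt post above, written in Python as an added example (not code from the thread or from Oldes/Rebol3): the caller pins the accepted algorithms instead of trusting the header's `alg`, a `none` token is always rejected, and the MAC is compared in constant time. `verify_jwt_hmac`, `InvalidToken` and the `allowed` parameter are names assumed for this example; the token and secret are the ones posted above.

```python
import base64
import hashlib
import hmac
import json

# JWS HMAC names mapped to hashlib digests; "none" is deliberately absent.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

# Token and secret taken from the posts above.
TOKEN_HS256 = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
    ".eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ"
    ".SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
)
SECRET_HS256 = b"your-256-bit-secret"


class InvalidToken(Exception):
    """Raised for any token that must not be trusted."""


def b64url_decode(part: str) -> bytes:
    # JWT strips the "=" padding, so restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def verify_jwt_hmac(token: str, secret: bytes, allowed=("HS256",)) -> dict:
    """Return the payload only if the MAC verifies under an allowed algorithm."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        # The MAC covers the first two segments exactly as received.
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise InvalidToken("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The header is attacker-controlled: it is only checked against the
    # caller's list and never selects the algorithm on its own.
    if not isinstance(alg, str) or alg not in allowed or alg not in HMAC_ALGS:
        raise InvalidToken("algorithm not allowed")
    expected = hmac.new(secret, signing_input, HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise InvalidToken("bad signature")
    try:  # the payload is parsed only after the signature has verified
        return json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("malformed payload") from exc
```

Every failure raises `InvalidToken`, so a caller cannot mistake an unverified payload for a verified one by ignoring a printed message.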