July 12, 2017

To get payload without signature from jwt accen token

Without using signature, to find the payload:
jws  = header . payload . signature(header.payload.secret)


The important point here is that you (not JWT) are violating the specification by manipulating the JWS, and you're doing it in a calculated way based on your specific use case. This is fine for individual use cases, but probably not for a spec-compliant library like JWT.


 Reference: https://github.com/jwtk/jjwt/issues/135
Jwt Introduction
JWT



No comments:

Post a Comment

I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know.

My Favorite Site's List

#update below script more than 500 posts