```python
import base64
import hashlib
import hmac

header = {"typ": "JWT", "alg": "HS256"}
payload = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
secret = '3d6f45a5fc12445dbac2f59c3b6c7cb1'
```

Encoded JWS header and JWS payload

```python
encoded_header = str(header).encode('utf-8')
encoded_payload = str(payload).encode('utf-8')
encoded_secret = str(secret).encode('utf-8')
base64_header = base64.b64encode(encoded_header)
base64_payload = base64.b64encode(encoded_payload)
base64_secret = base64.b64encode(encoded_secret)
concat_header_payload = b".".join([base64_header, base64_payload])
```

After concatenating header and payload I got the result

```python
print(concat_header_payload)
```

```
(b'eyd0eXAnOiAnSldUJywgJ2FsZyc6ICdIUzI1Nid9.eydpc3MnOiAnam9lJywgJ2V4cCc6IDEzMDA'
b'4MTkzODAsICdodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCc6IFRydWV9')
```

The JWS Header & Payload signed using the secret key

```python
jws_sign = hmac.new(
    base64_secret,
    concat_header_payload,
    digestmod=hashlib.sha256
).hexdigest()
print(jws_sign)
```

```
'fd59d1eae7485eb12a411dbc7d99bff495030495ad602b7d2dbc58f045747fbb'
```

Now, how should I concatenate JWS Header, JWS payload and JWS signature like this

'eyd0eXAnOiAnSldUJywgJ2FsZyc6ICdIUzI1Nid9.eydpc3MnOiAnam9lJywgJ2V4cCc6IDEzMDA.4MTkzODAsICdodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCc6IFRydWV9.fd59d1eae7485eb12a411dbc7d99bff495030495ad602b7d2dbc58f045747fbb'
  • why don't you just use a proper [jwt lib](https://jwt.io/libraries) to do the job? Header, payload and signature are supposed to be Base64Url encoded, you used Base64 for header and payload, and hex for the signature. – jps Apr 28 '22 at 12:14
  • how to use jwt lib in this? – Rahul Rajeev Apr 28 '22 at 12:32
  • use a popular lib like [pyjwt](https://pyjwt.readthedocs.io/en/stable/). You'll find a usage example under that link. It's a one-liner: `encoded_jwt = jwt.encode({"some": "payload"}, "secret", algorithm="HS256")` – jps Apr 28 '22 at 12:37
  • `encoded_jwt = jwt.encode({"some": "payload"}, "secret", algorithm="HS256")`, here where to put the jws header since I want the result in the form of **jws_header.jws_payload.jws_signature** – Rahul Rajeev Apr 29 '22 at 05:19
  • `jwt.encode` creates a complete token. Did you try? – jps Apr 29 '22 at 11:52

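The `header.payload.signature` form asked about above, built and verified with only the Python standard library, following the encoding points raised in the comments (JSON serialization, Base64Url without padding, raw digest instead of hex). This is an added example, not code from the question or its commenters; the function names are made up here, and using the secret's UTF-8 bytes as the HMAC key is an assumption.

```python
import base64
import hashlib
import hmac
import json

# Values from the question; using the secret's UTF-8 bytes as the HMAC key is an assumption.
HEADER = {"typ": "JWT", "alg": "HS256"}
PAYLOAD = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
SECRET = "3d6f45a5fc12445dbac2f59c3b6c7cb1"

def b64url(data: bytes) -> bytes:
    """Base64url with the '=' padding stripped, as the compact form requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64url_decode(segment: bytes) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(segment + b"=" * (-len(segment) % 4))

def jws_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Return header.payload.signature for an HS256-signed JWS."""
    # json.dumps, not str(dict): JSON needs double quotes and lowercase true/false.
    segments = [b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, payload)]
    signing_input = b".".join(segments)
    # The signature segment is the raw digest, base64url-encoded (not hexdigest()).
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return b".".join([signing_input, b64url(signature)]).decode("ascii")

def verify_hs256(token: str, key: bytes) -> dict:
    """Check the signature and return the payload; raise ValueError otherwise."""
    try:
        head, body, sig = token.encode("ascii").split(b".")
    except ValueError as exc:
        raise ValueError("expected three dot-separated segments") from exc
    # Pin the algorithm instead of trusting whatever the token header claims.
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body))

if __name__ == "__main__":
    token = jws_hs256(HEADER, PAYLOAD, SECRET.encode("utf-8"))
    print(token)
    print(verify_hs256(token, SECRET.encode("utf-8")))
```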