0

I'm trying to access a site that requires a JWT to use it's API.

So I wrote this code in order to generate it:

library(jose)

secret = "ed577ae6d3661fec225c24"

jwt = jwt_encode_hmac(
  claim = jwt_claim(
    exp = as.numeric(Sys.time() + 300)
  ),
  #secret = hex2raw(secret), 
  secret = openssl::base64_encode(hex2raw(secret)),
  
  header = list(
    id = "643716473b35aa003d3d6")
)

The resulting JWT is:

> jwt
[1] "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImlkIjoiNjQzNzE2NDczYjM1YWEwMDNkM2Q2In0.eyJleHAiOjE2ODEzNTk5MzAsImlhdCI6MTY4MTM1OTYzMH0.qf8frkpXOGhoe3_LJF4Xls6QFlWloG5qQsAf9gSN-rM"

When I paste that JWT into jwt.io, I get Invalid Signature.

enter image description here

I've tried not encoding to 64 and I've also tried charToRaw but got the same Invalid Signature.

Any ideas?

Thanks,

Juan M
  • 119
  • 10

1 Answers1

1

Your secret to enter are the 7Vd65tNmH+wiXCQ= octets. Because your code takes "ed577ae6d3661fec225c24" the hex octets, decodes them to raw, then encodes them into base64 as the secret).

validated signature on jwt.io validated signature using npmjs.com/package/jose

  • Thanks Filip! I understand what you posted, think I've got it working now because I'm using the generated JWT to hit an API that requires it, and after several tries it finally worked. I've just used the hex2raw without encoding it to base64 and it seems to be working. Thanks. – Juan M Apr 13 '23 at 14:38