The Swoop Developer Hub - Password Free Authentication

Welcome to the Swoop developer hub. You'll find comprehensive guides and documentation to help you start working with Swoop as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    
Ask A Question

Questions

1
ANSWERED

Unable to verify token signature using pyjwt :(

Hi - attempting to verify the token signature I get when a user logs in, but it appears that the result I'm getting does not match the signature hash. Example using id_token (HS256) "id_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InN3b29wIn0.eyJpc3MiOiJodHRwczovL2F1dGguc3dvb3AuZW1haWwiLCJzdWIiOiI1ZWYyMzlhNDhjNzY0MjAwMDQzOWFhYjYiLCJhdWQiOiJzd29vcF9ya2wyeTRrYnM3cmFjcyIsIm5vbmNlIjoiU19oM2N4anB2d24iLCJlbWFpbCI6ImNsaW50ZGF5QGRheXRlY2guYXBwIiwiaWF0IjoxNTkzMDIxNTEzLCJleHAiOjE1OTMwMjE4MTN9.kpkX6wHYqxn2GqPxMLqdxg7zMxVjzAfdjfhPlqWUt6M" Here is the header+payload eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InN3b29wIn0.eyJpc3MiOiJodHRwczovL2F1dGguc3dvb3AuZW1haWwiLCJzdWIiOiI1ZWYyMzlhNDhjNzY0MjAwMDQzOWFhYjYiLCJhdWQiOiJzd29vcF9ya2wyeTRrYnM3cmFjcyIsIm5vbmNlIjoiU19oM2N4anB2d24iLCJlbWFpbCI6ImNsaW50ZGF5QGRheXRlY2guYXBwIiwiaWF0IjoxNTkzMDIxNTEzLCJleHAiOjE1OTMwMjE4MTN9 Here is the signature: kpkX6wHYqxn2GqPxMLqdxg7zMxVjzAfdjfhPlqWUt6M I hash the header+payload along with my secret with HS256, which returns a base64 string. I then convert that string to base64url, which, if I understand this properly, should return the signature hash of whatever token I'm verifying. However, my signature is not matching what I'm getting from the tokens. I've been banging my head against the wall for over a day now. What am I missing? I realize that I can decode the header and payload to get the info I need about the user logins, but not very secure... Can someone please provide a working example of a token signature being verified?? Example of my python code: import jwt key = 'not_actually_posting_my_secret' encoded = jwt.encode({"id_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InN3b29wIn0.eyJpc3MiOiJodHRwczovL2F1dGguc3dvb3AuZW1haWwiLCJzdWIiOiI1ZWYyMzlhNDhjNzY0MjAwMDQzOWFhYjYiLCJhdWQiOiJzd29vcF9ya2wyeTRrYnM3cmFjcyIsIm5vbmNlIjoiU19oM2N4anB2d24iLCJlbWFpbCI6ImNsaW50ZGF5QGRheXRlY2guYXBwIiwiaWF0IjoxNTkzMDIxNTEzLCJleHAiOjE1OTMwMjE4MTN9"}, key, algorithm='HS256') decoded = jwt.decode(encoded, key, algorithms='HS256') print(decoded)

Posted by 4 months ago