golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License

jwt.Token.SignedString Fails To Properly Encode Base64. #156

Closed zarkones closed 2 years ago

zarkones commented 2 years ago

The string returned contains an underscore character, which isn't a valid Base64 character.

Here are the valid ones https://stackoverflow.com/questions/13195143/range-of-valid-character-for-a-base-64-encoding

My settings are: 4096 length of a private key used for signing, algorithm is jwt.SigningMethodRS512.

Code which reproduces the issue is at https://github.com/zarkones/XENA in 'stage' branch at /bots/xena-bot-apep/atila.go#309. Commit: f95d2d145c3ae2a43379ff3e1b9861e96e632d89

arinto commented 2 years ago

JWT is encoded using Base64 URL encoding (see RFC7519). And, _ is a valid Base64 URL character (see RFC4648).

So, to decode the SignedString, use Base64URL decoder (IIRC: https://pkg.go.dev/encoding/base64#URLEncoding)

zarkones commented 2 years ago

The thing is @arinto. I'm trying to decode it with TypeScript using Node's "jsonwebtoken" library. https://www.npmjs.com/package/jsonwebtoken

oxisto commented 2 years ago

> The thing is @arinto. I'm trying to decode it with TypeScript using Node's "jsonwebtoken" library. https://www.npmjs.com/package/jsonwebtoken

The package you are referring to seems old and unsupported. It seems to be based on an early JWT draft. I would suggest upgrading to a newer library. As @arinto correctly mentioned, JWT uses Base64 URL encoding and _ is a valid character.
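
The encoding difference discussed in this thread, as an added example (not code from the thread or from golang-jwt): a token segment containing `_` and `-` is rejected by a standard Base64 decoder and accepted by the unpadded Base64 URL decoder. The names `SampleToken`, `DecodeSegments` and `URLToStd` are hypothetical, and the token is constructed with placeholder signature bytes.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// SampleToken returns a constructed token. The 4 "signature" bytes are not a
// real RS512 signature; they are chosen so the segment encodes to "-_--AQ".
func SampleToken() string {
	enc := base64.RawURLEncoding // RFC 4648 section 5 alphabet, no '=' padding
	return enc.EncodeToString([]byte(`{"alg":"RS512","typ":"JWT"}`)) + "." +
		enc.EncodeToString([]byte(`{"sub":"demo"}`)) + "." +
		enc.EncodeToString([]byte{0xfb, 0xff, 0xbe, 0x01})
}

// DecodeSegments splits header.payload.signature and decodes each part as
// unpadded Base64 URL. It only decodes; it does not verify the signature.
func DecodeSegments(token string) ([][]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("expected three dot-separated segments")
	}
	out := make([][]byte, len(parts))
	for i, p := range parts {
		b, err := base64.RawURLEncoding.DecodeString(p)
		if err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
		out[i] = b
	}
	return out, nil
}

// URLToStd rewrites one segment into padded standard Base64 for decoders
// that only accept the '+' and '/' alphabet.
func URLToStd(seg string) string {
	s := strings.NewReplacer("-", "+", "_", "/").Replace(seg)
	return s + strings.Repeat("=", (4-len(s)%4)%4)
}

func main() {
	sig := strings.Split(SampleToken(), ".")[2]
	_, err := base64.StdEncoding.DecodeString(sig)
	fmt.Println("segment:", sig, "| standard decoder:", err)
	segs, err := DecodeSegments(SampleToken())
	fmt.Printf("URL decoder: %x %v | as standard Base64: %s\n", segs[2], err, URLToStd(sig))
}
```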