jonasroussel
commented
5 months ago Added in the last version: https://pub.dev/packages/dart_jsonwebtoken/versions/2.14.0
Closed JSosna closed 5 months ago
jonasroussel
commented
5 months ago Added in the last version: https://pub.dev/packages/dart_jsonwebtoken/versions/2.14.0
Description
This pull request adds support for base64-encoded secrets within the HMAC algorithm in the library. This enhancement enables users to specify whether their secret key is base64-encoded by passing the optional named parameter isBase64Encoded. This functionality is especially relevant when working with systems that distribute secret keys in base64-encoded formats, a common scenario evidenced by the presence of such an option on the jwt.io platform.
The need for this change arose while verifying a base64 encoded secret key provided by the ThingsBoard platform, which signs its tokens with such a key. If there is an alternative method to handle base64 encoded secrets that I have overlooked, I welcome feedback. Please guide me to the correct approach or feel free to close this pull request.
Changes made:
isBase64Encodedhas been introduced in theSecretKeyclass, defaulting to false.HMACAlgorithmclass has been updated to decode the base64 secret key whenisBase64Encodedis set to true. This decoded key is then used to generate the HMAC for token signing or verification.isBase64Encodedparameter is not set.Testing:
For verification purposes, here is a simple JWT token and its corresponding secret:
https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0QGV4YW1wbGUuY29tIiwiaWF0IjoxNzEyMTI0Nzg3LCJleHAiOjE4MjIxMzM3ODd9.vCVkO4q5mKr1QG3yqCNCP9oh0byb7fPe-snOPn7XTLKWiEk-19reuTF4iIzvjxCAHcmQ7bYUf6vOIbPaXP1aIg
secret:
test(base64 encoded)