问题描述
我想对我使用Postman收到的jwt令牌进行解码,并在REST API中实现它.我怎样才能做到这一点?我看到人们发布了用于解码jwt令牌的代码(参考:
hmacSHA256不是一种加密算法,而是一种哈希算法,因此由于哈希是一种单向函数,因此无法对其进行解码.
因为最后一部分的格式为
(base64(header)+." + base64(body)的 HMACSHA256 您可以尝试创建它并使它们相等.
I want to decode jwt token that I received using Postman and implement it in REST API. How can I do that? I saw people posted code to decode the jwt token (reference: How to decode jwt token in javascript without using a library?) but I dont understand how to do it in postman? What url needed to decode the jwt? What headers, authorisation needed?
Postman supports cryptojs library : https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries
Add below example to postman test script:
let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`
a = jwt.split('.');
//a.forEach(function (val) {
var words = CryptoJS.enc.Base64.parse(a[1]);
var textString = CryptoJS.enc.Utf8.stringify(words);
console.log(textString)
//})
Output:
The hmacSHA256 is not an encryption algorithm but an Hashing algorithm so there is no way to decode it as hashing is one-way function.
as the last part is in the form
HMACSHA256 of ( base64(header) + "." + base64(body) )
you can try creating it and equating both are equal
这篇关于如何在POSTMAN中解码jwt令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!