I am trying to decode a JSON Web Token using this function:
function parseJwt(token) {
var base64Url = token.split('.')[1];
var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
var jsonPayload = decodeURIComponent(atob(base64).split('').map(function(c) {
return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
}).join(''));
return JSON.parse(jsonPayload);
};
This works fine in my Google Chrome console, but when I try to use it in Google Scripts it says "atob is not defined". I looked up what atob does, which is decode a 64-bit encoded string. But when I use base64Decode(String) it produces an array instead of a string. How can I reproduce atob's behavior? Or is there another way to decode a JWT?
I found out how to decode a JWT from https://developers.google.com/apps-script/reference/script/script-app#getidentitytoken
function parseJwt(token) {
let body = token.split('.')[1];
let decoded = Utilities.newBlob(Utilities.base64Decode(body)).getDataAsString();
return JSON.parse(decoded);
};
Related
I'm having issues with parsing/manipulating URI:
Problem Statement:
I want to encode f[users.comma] and return it.
[Case-1] I get an url from backend service, encode f[users.comma] and return it.
[Case-2] I get an url from backend service and f[users.comma] is already encoded. So don't double encode and return it.
Expected Output:
`/demo/bigquery/order_items?fields=users.email&f[users.comma]=%22Abbeville%2C+Georgia%22`
Code:
const encodedExample = `/demo/bigquery/order_items?fields=users.email&f[users.comma]=%22Abbeville%2C+Georgia%22` // the last param is encoded
const regularExample2 = `/demo/bigquery/order_items?fields=users.email&f[users.comma]="Abbeville, Georgia"` //
const specialEncode = (url) => {
for (let queryParam of urlObj) {
const [urlKey, urlValue] = queryParam
// Check to see if url contains f[users.comma]
if (urlKey.includes('f[')) {
urlObj.set(urlKey, encodeURI(urlValue))
}
}
return urlObj.toString() // doesn't seem to work
}
I feel like I am going offroad with my approach. I'd appreciate some help here.
Since the backend service returns an encoded or decode url
We can first decode the url from the backend service (this won't produce any exceptions if url is already encoded)
const encodedExample = `/demo/bigquery/order_items?fields=users.email&f[users.comma]=%22Abbeville%2C+Georgia%22` // the last param is encoded
const regularExample2 = `/demo/bigquery/order_items?fields=users.email&f[users.comma]="Abbeville, Georgia"`
const specialEncode = (url) => {
let decodedUrl = decodeURI(url);
let encodedUrl = encodeURI(decodedUrl);
// fix "f[users.comma]" because encodeURI will encode the [ and ] as well
encodedUrl = encodedUrl.replace("f%5Busers.comma%5D", "f[users.comma]")
console.log(encodedUrl);
return encodedUrl;
}
specialEncode(encodedExample); // logs and returns: /demo/bigquery/order_items?fields=users.email&f[users.comma]=%22Abbeville%252C+Georgia%22
specialEncode(regularExample2); // logs and returns: /demo/bigquery/order_items?fields=users.email&f[users.comma]=%22Abbeville%252C+Georgia%22
The code above works fine for both encoded and decoded urls
I'm Using node js to create a jwt in my backend server.
I'm using a library to sign/verify a JWT and it work fine. once one jwt.io i paste the token that i got when i sign in and i can see my data in the payload.
So the problem is that I'm trying to generate the signature from header and the payload that i got back in jwt.io
here is what i tryed to do but it did'nt work and i'm confuse a bit.
the algorith used to sign is the default one HS256.
const crypto = require("crypto");
// encode base64 the header
let jsonHeader = JSON.stringify({
alg: "HS256",
typ: "JWT",
});
let bs64header = Buffer.from(jsonHeader).toString("base64").split("=")[0];
console.log("bs64header :>>\n ", bs64header); //look the same as the token i got
// encode vase64 the payload
let jsonPayload = JSON.stringify({
id: "5eb20004ac94962628c68b91",
iat: 1589125343,
exp: 1589989343,
jti: "37743739b1476caa18ca899c7bc934e1aba63ba1",
});
let bs64payload = Buffer.from(jsonPayload).toString("base64").split("=")[0];
console.log("bs64Payload :>> \n", bs64payload); //look the same as the token i got
// TRY to generate the signature from the Base64Header and Base64Payload
// with the secret code that i used to sign the JWT
let secret = "0d528cb666023eee0d44e725fe9dfb751263d2f68f07998ae7388ff43b1b504f";
let signature = bs64header + "." + bs64payload;
let hashed = crypto
.createHash("sha256", secret)
.update(signature)
.digest("hex");
console.log("hashed :>> \n", hashed);
let bs64signature = Buffer.from(hashed).toString("base64").split("=")[0];
console.log("bs64signature>>", bs64signature); //This is where i got stuck.
// let jwt = bs64header + "." + bs64payload + "." + bs64signature;
// console.log("jwt>>", jwt);
I have modified your code a lot to make it less repetitive and easier to read. I am not entirely sure if this will work, so please comment if there are any errors.
I have tested it in runkit and have also checked what the output should be using jwt.io. The output appears to be the same, so I am pretty certain that this works.
Changes
Created a function to base64 encode objects and strings.
Created a function to make base64 strings use the URL safe character set.
Changed crypto.createHash() to crypto.createHmac(), so that a secret key can actually be used.
// base64 encode the data
function bs64encode(data) {
if (typeof data === "object") {
data = JSON.stringify(data);
}
return bs64escape(Buffer.from(data).toString("base64"));
}
// modify the base64 string to be URL safe
function bs64escape(string) {
return string.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
}
// base64 encode the header
let bs64header = bs64encode({
alg: "HS256",
typ: "JWT"
});
console.log("bs64header :>>\n ", bs64header);
// base64 encode the payload
let bs64payload = bs64encode({
id: "5eb20004ac94962628c68b91",
iat: 1589125343,
exp: 1589989343,
jti: "37743739b1476caa18ca899c7bc934e1aba63ba1"
});
console.log("bs64payload :>> \n", bs64payload);
// generate the signature from the header and payload
let secret = "0d528cb666023eee0d44e725fe9dfb751263d2f68f07998ae7388ff43b1b504f";
let signature = bs64header + "." + bs64payload;
let bs64signature = bs64escape(crypto
.createHmac("sha256", secret)
.update(signature)
.digest("base64"));
console.log("bs64signature>>", bs64signature);
let jwt = bs64header + "." + bs64payload + "." + bs64signature;
console.log("jwt>>", jwt);
I have encrypt my token and data json object like this and that's redirect to a subdomain web app with a guard angular :
// access website Wordpress/jQuery/Crypto-js 3.1.9-1
let encrypted = CryptoJS.AES.encrypt(JSON.stringify(response), SECRET_PASSPHRASE);
window.location.href = APP_HOME + "?access=" + encrypted;
The redirection work's as well but I have this error when my guard try to deycrpt the "access" param.
Error: Malformed UTF-8 data
at Object.stringify (core.js:478)
at WordArray.init.toString (core.js:215)
at AuthGuard.push../src/app/_guards/auth/auth.guard.ts.AuthGuard.decryptData (auth.guard.ts:62)
at AuthGuard.push../src/app/_guards/auth/auth.guard.ts.AuthGuard.canActivate
My function to decrypt - Angular WebApp - I try a lot of variations because I find a lot of persons to have the same bug with this error "Malformed UTF-8 data'.
/* Angular - Crypto-js 3.1.9-1 */
import * as CryptoJS from 'crypto-js';
...
decryptData(data) {
try {
const bytes = CryptoJS.AES.decrypt(data.toString(), this.encryptSecretKey);
let decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
//let aa = CryptoJS.enc.Utf8.stringify(bytes)
// let aa = bytes.toString(CryptoJS.enc.Utf8);
console.log('decryptedData ==>', decryptedData);
return JSON.stringify(decryptedData);
} catch (e) {
console.log(e);
}
}
I am trying to create a JSON object, encrypt it using AES, and then send the data, however I am getting an error when I decrypt it.
The following code works perfectly, it encrypts, and decrypts the needed info.
var encrypted = CryptoJS.AES.encrypt(JSON.stringify(token), 'AGsrv54SDG2DA');
console.log("token is :" + encrypted.toString());
//U2FsdGVkX19QYpU9XWLESHzRB7uvFMtc1J/pCbJjXelTHyeEmU4LCsIMpYZGl9Bs157sX2f47fGeAW4EIaCGiPATxX2PdpZ YMdvPKDIaPYPnmlEJa9yZWyfXf80FNbkRM9Jo9M8GrMiAg8baK6S8GH7GdwxeZEVVkLJpFpgFBUPS3xn2sy/bMHWvOK0lPT0
var bytes = CryptoJS.AES.decrypt(encrypted.toString(), 'AGsrv54SDG2DA');
console.log('BYTES BEFORE:' + bytes);
//bytes : 7b2254797065223a22415554485f434f4445222c22554944223a226e6866476a424c30306c5866735763783332333275587171306c6932222c22434944223a22486f6d655370616365434944222c2245584154223a22546875204d617920333120323031382031373a32333a323920474d542b30303030202855544329227d
var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
console.log("auth token UID for test is " + decryptedData.UID); //this works 100%
return {token : encrypted.toString()};
the return statement returns the stringed version of the encrypted data back to my web page. the token is then sent back to another cloud function which attempts to decrypt it as following:
inToken = req.body.code;
console.log("auth token given:" + inToken);
//U2FsdGVkX19QYpU9XWLESHzRB7uvFMtc1J/pCbJjXelTHyeEmU4LCsIMpYZGl9Bs157sX2f47fGeAW4EIaCGiPATxX2PdpZ YMdvPKDIaPYPnmlEJa9yZWyfXf80FNbkRM9Jo9M8GrMiAg8baK6S8GH7GdwxeZEVVkLJpFpgFBUPS3xn2sy/bMHWvOK0lPT0
var bytes = CryptoJS.AES.decrypt(inToken, 'AGsrv54SDG2DA');
console.log('BYTES AFTER:' + bytes);
//7b2254797065223a22415554485f434f4445222c22554944223a226e6866476a424c30306c5866735763783332333275587171306c6932222c22434944223a22486f6d655370616365434944222c2245584154223a22546875204d617920333120323031382031373a32333a323920474d542b30303030202855544329227d
var jsonToken = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
however this throws
Error: Malformed UTF-8 data at Object.stringify
I have a signature method that is meant to be used in Node.js but I'd like to implement it client-side with crypto-js. It should work in latest Chrome versions.
I have tried to follow some answers like this one: Decode a Base64 String using CryptoJS
But I either get errors such as "Error: Malformed UTF-8 data", or a different result than the expected hmacDigest.
I am not sure how I could find an alternative to the "binary" digest although I found this question:
How to get digest representation of CryptoJS.HmacSHA256 in JS
The method is supposed to answer the following:
"Message signature using HMAC-SHA512 of (URI path + SHA256(nonce + POST data)) and base64 decoded secret API key"
This is the Nodejs version (with crypto):
const crypto = require('crypto')
function sign(path, params, secret) {
const message = querystring.stringify(params)
const secretBase64 = Buffer.from(secret, 'base64')
const hash = crypto.createHash('sha256')
const hmac = crypto.createHmac('sha512', secretBase64)
const hashDigest = hash.update(params.nonce + message).digest('binary')
const hmacDigest = hmac.update(path + hashDigest, 'binary').digest('base64')
return hmacDigest
}
note: querystring is just an helper module that can also run in browsers: https://nodejs.org/api/querystring.html
This is my attempt (wip) at implementing with crypto-js:
import cryptojs from 'crypto-js')
function sign (path, params, secret) {
const message = querystring.stringify(params)
const secretParsed = cryptojs.enc.Base64.parse(secret)
const secretDecoded = cryptojs.enc.Utf8.stringify(secretParsed) // -> this throws an error as "Error: Malformed UTF-8 data"
const hash = cryptojs.SHA256(params.nonce + message).toString(cryptojs.enc.hex)
const hmac = cryptojs.HmacSHA512(path + hash, secretDecoded).toString(cryptojs.enc.hex)
return hmac
}
Try this ! I think this is what you looking for !
const crypto = require("crypto")
const sign = (path, params, secret) => {
const message = querystring.stringify(params)
const secret = Buffer.from(secret, 'base64')
let sign = params.nonce + message
let hash = crypto.createHmac('sha256', secret)
.update(sign)
.digest("base64").toString()
let encoded = encodeURIComponent(hash)
return encoded
}