Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
531 views
in Technique[技术] by (71.8m points)

oauth 2.0 - Is it possible to set a postman variable from a value in a JWT token?

I've configured Postman to retrieve my JWT access token from my Identity Provider. I'd like to store some of the properties stored in the access token as variables (e.g sub, aud, scope).

jwt.io can decode the access token so I was wondering if there was anything in Postman (I couldn't find anything) or some other way to do this.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Postman supports cryptojs library : https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries

Add below example to postman test script:

let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`

a = jwt.split('.');


//a.forEach(function (val) {
    var words = CryptoJS.enc.Base64.parse(a[1]);
    var textString = CryptoJS.enc.Utf8.stringify(words);

    console.log(textString)
//})

Output:

enter image description here

The hmacSHA256 is not an encryption algorithm but an Hashing algorithm so there is no way to decode it as hashing is one-way function.

as the last part is in the form

HMACSHA256 of ( base64(header) + "." + base64(body) )

you can try creating it and equating both are equal


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...