
JWT token decode

Open automatedbegginer opened this issue 5 years ago • 4 comments

Hi there !

Is there any way to decode a JWT token and check for a specific value? I am using a custom step method to decode it and check by part of the string. It would be much easier to do it with the framework if there is a possibility.

```json
{
  "scenarioName": "Keycloak login - get role",
  "steps": [
    {
      "name": "jwt",
      "url": "${urlKeycloakLogin}",
      "operation": "POST",
      "request": {
        "headers": {
          "Content-Type": "application/x-www-form-urlencoded"
        },
        "body": {
          "username": "${username}",
          "password": "${password}",
          "grant_type": "${grantType}",
          "client_id": "${clientId}",
          "client_secret": "${clientSecret}"
        }
      },
      "assertions": {
        "status": 200,
        "headers": {
          "Content-Type": [ "application/json" ]
        },
        "body": {
          "access_token": "$NOT.NULL"
        }
      }
    },
    {
      "name": "decode_jwt",
      "url": "keycloak_login.Auxiliary",
      "operation": "DecodeJWT",
      "request": "${$.jwt.response.body.access_token}",
      "assertions": "$CONTAINS.STRING:\"resource_access\":{\"roles\":[\"Admin\"]}"
    }
  ]
}
```

Best

ab

automatedbegginer avatar Jan 03 '20 09:01 automatedbegginer

@automatedbegginer , Yes, sounds good. That will be a good feature. Can you please paste a sample Scenario file here just to have a look...? That will help us to implement the correct thing 👍

nirmalchandra avatar Jan 04 '20 22:01 nirmalchandra

@nirmalchandra I have attached the scenario, and as you can see, I am using a helper method to decode the JWT and then assert by part of the string, as I cannot return a JSON object (the framework is trying to deserialize it and it snaps). I think validating something by part of a string is not good, as the order can be changed. It would be much cleaner to do the assert the normal way, searching for a value in JSON. Thanks

automatedbegginer avatar Jan 05 '20 11:01 automatedbegginer

@automatedbegginer , We can have a look and help you. Can you copy-paste the keycloak_login.Auxiliary #DecodeJWT(...) code here? Otherwise you can ping us in Slack to discuss in detail. And requesting to join our mailing list too.

authorjapps avatar Mar 28 '20 09:03 authorjapps

@authorjapps

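```java
import java.nio.charset.StandardCharsets;
// Assumption: Base64 is Apache Commons Codec, which has the Base64(boolean urlSafe) constructor.
import org.apache.commons.codec.binary.Base64;

// Decodes a JWT and returns its payload (claims) as a JSON string.
// This only Base64URL-decodes the token; it does not verify the signature.
public static String DecodeJWT(String jwtToken) {
    System.out.println("------------ Decode JWT ------------");
    // A compact JWT has three dot-separated parts: header.payload.signature
    String[] splitString = jwtToken.split("\\.");
    if (splitString.length != 3) {
        throw new IllegalArgumentException("Expected a JWT with 3 dot-separated parts");
    }
    String base64EncodedHeader = splitString[0];
    String base64EncodedBody = splitString[1];

    System.out.println("~~~~~~~~~ JWT Header ~~~~~~~");
    Base64 base64Url = new Base64(true); // URL-safe Base64 variant
    String header = new String(base64Url.decode(base64EncodedHeader), StandardCharsets.UTF_8);
    System.out.println("JWT Header : " + header);

    System.out.println("~~~~~~~~~ JWT Body ~~~~~~~");
    String body = new String(base64Url.decode(base64EncodedBody), StandardCharsets.UTF_8);
    System.out.println("JWT Body : " + body);
    return body;
}
```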

automatedbegginer avatar Mar 28 '20 10:03 automatedbegginer
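
The order problem raised in this thread, shown as an added example that is not code from the issue or from zerocode: the payload is parsed into a JSON tree and the role is looked up by path, so key order and extra roles do not matter. It assumes jackson-databind is on the classpath; the class name `JwtClaimCheck`, its helper names and the sample token are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtClaimCheck { // hypothetical class name, not part of zerocode
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Decodes the payload segment into a JSON tree. The signature is NOT verified,
    // so this only suits inspecting a token the test has just obtained itself.
    static JsonNode decodePayload(String jwt) throws Exception {
        String[] parts = jwt.split("\\.", -1); // -1 keeps an empty trailing segment
        if (parts.length != 3 || parts[1].isEmpty()) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        return MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
    }

    // True if the JSON array at the given JSON Pointer contains the expected string.
    static boolean arrayClaimContains(JsonNode payload, String pointer, String expected) {
        JsonNode node = payload.at(pointer); // MissingNode when the path is absent
        if (!node.isArray()) {
            return false;
        }
        for (JsonNode item : node) {
            if (item.isTextual() && expected.equals(item.asText())) {
                return true;
            }
        }
        return false;
    }

    // Builds a constructed sample token (placeholder signature) around the claims JSON.
    static String sampleToken(String claimsJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + body + ".constructed-signature";
    }

    public static void main(String[] args) throws Exception {
        // Constructed claims: "Admin" is present, but not as the only role.
        String claims = "{\"resource_access\":{\"roles\":[\"User\",\"Admin\"]},\"sub\":\"u1\"}";
        JsonNode payload = decodePayload(sampleToken(claims));
        // Substring check from the scenario above versus the path-based lookup.
        System.out.println(claims.contains("\"resource_access\":{\"roles\":[\"Admin\"]}"));
        System.out.println(arrayClaimContains(payload, "/resource_access/roles", "Admin"));
    }
}
```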