JWT.io is decoding the JWT header "wrong"

galanarus · September 15, 2021, 8:44am

Hey there,

after trying to find an answer in this thread (JWT.io different result compared to base64decode.org) I realized that this is a different issue.

Preface: I blackened the sensible data.

This is the raw JWT header as it is logged by the creator application:
{
“alg”: “RSA256”,
“subject_name”: “”,
“issuer_name”: “”,
“serial”: 1841657277971189406
}

This is the JWT header as it is decoded by JWT.io:
{
“alg”: “RSA256”,
“subject_name”: “”,
“issuer_name”: “”,
“serial”: 1841657277971189500
}

This is the JWT header as it is decoded by Base64 Decode and Encode - Online
{
“alg”: “RSA256”,
“subject_name”: “”,
“issuer_name”: “”,
“serial”: 1841657277971189406
}

As you see, the serial is decoded different.( …500 | 406) where the …406 ending is the correct value.
When using a string as dataType it is parsed correctly but the corresponding party expects a number.

As I get an error response (500) and am currently not able to get more information from there.

Maybe someone can clarify why this is happening.

Thank you in advance

Ray

dan.woda · September 15, 2021, 5:44pm

Hi @galanarus,

Welcome to the Auth0 Community!

Would you please share an example JWT so I can confirm the behavior?

galanarus · September 16, 2021, 8:09am

Hi Dan,

I sent it via message to you because of sensible data.
Thank you for your help.

Ray

system · December 23, 2021, 4:57pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.