Need Help With Decoding JWT in HS256

renekthrope · December 12, 2022, 9:00am

I don’t know what to put here, in this line of code:
#include <jwt-cpp/jwt.h>
auto decoded = jwt.decode(what to put here)
I get errors when I try.

I am trying to decode a JWT with HS256 using a specific key.

dan.woda · December 12, 2022, 3:58pm

Hi @renekthrope,

It would be helpful to know what language and SDKs you are using.

renekthrope · December 13, 2022, 4:44am

My apologies, here it is:
Language: C++
SDK/s: git clone GitHub - Thalhammer/jwt-cpp: A header only library for creating and validating json web tokens in c++

Thanks for letting me know.

dan.woda · December 13, 2022, 3:35pm

Thanks for the added info.

With that library, the jwt.decode() function appears to take a base64 encoded JWT (a string), and decodes it. It’s important to note, that function does not verify the token.

To verify the token you need to pass your secret, claims, and the decoded token.

Here is their example:

auto verifier = jwt::verify()
    .allow_algorithm(jwt::algorithm::hs256{ "secret" })
    .with_issuer("auth0");

verifier.verify(decoded_token);

Does that help?

renekthrope · December 15, 2022, 6:27am

Hey,

Thanks for your reply. What I wanted is to decode the JWT token that is saved in a STRING, that is encrypted by HS256. I am not looking to encode it.

dan.woda · December 15, 2022, 2:20pm

Hi @renekthrope,

JWTs are usually encoded and signed, not encrypted.

The secret is used to verify the signature and is not needed to decode the JWT.

You may want to do some reading to understand JWTs and how they work before using them. This is a good place to start:

renekthrope · December 16, 2022, 8:07pm

Hey,

Ohhh now I understand, I thought it was encrpyted and a secret key was needed, the secret key was confusing me. Thank you, I am just writing this so who needs it can see it.

This is to install library for linux ubuntu:

/***************************************
//JWT and Git STEP BY STEP
sudo apt-get install libssl-dev

sudo apt-get install git-all

//Install libcrypto+±dev and cmake packages
sudo apt install libcrypto+±dev cmake

//GIT
git clone GitHub - Thalhammer/jwt-cpp: A header only library for creating and validating json web tokens in c++

//Go to jwt-cpp folder
cd jwt-cpp

//Create a build directory and go to it
mkdir build && cd build

//Run cmake
cmake …

//Compile and install jwt-cpp library
make && sudo make install

*********************************************/

To decode JWT HS256:

#include <jwt-cpp/jwt.h>

auto test = jwt::decode(jwtString);
std::string result = test.get_payload();
std::cout << result << std::endl;

system · December 30, 2022, 8:08pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.