Creating JWT and signing it

Posted on Mon 8th, April 2024

• #1

MaBe

Found this link and started with this:

var header = {
  "alg": "HS256",
  "typ": "JWT"
};

var data = {
  "id": 1337,
  "username": "john.doe"
};

var encodedHeader = btoa(JSON.stringify(header));
var encodedData = btoa(JSON.stringify(data));
var token = encodedHeader + "." + encodedData;
var secret = "My very confidential secret!";

print(token);

/* struggled at this point, no clue if there i an existing solution for this 
var signature = CryptoJS.HmacSHA256(token, secret);
*/

signature = btoa(signature);
var signedToken = token + "." + signature;

Any hints howto?

• #2

Gordon

Would https://www.espruino.com/Reference#l_crypto_SHA256 work?

That doesn't have the HMAC but you might be able to use https://www.espruino.com/hmac

Seems like there's a convenience function for SHA1 but hmac=require("hmac"); ... = new hmac.HMAC(key, require('crypto').SHA256, 64, 20); might do it (if you know what block size HmacSHA256 uses?)
• #3

MaBe

Nice, thank for sharing, will try to write a HmacSHA256 module.
• #4

MaBe

SHA-256 64 32
• #5

Gordon

Maybe you could do a PR to add that to the hmac module?
• #6

MaBe

Yes, definitely - on my way but struggling a fresh LINUX build and a working connecting via tcp.
• #7

MaBe

There should be a new module named hmac2, because not all boards include SHA256.
• #8

MaBe

Missing a last piece, how to encode the Uint8Array([...]).bufferto a base64. The method toString only allow option 2 and 16, base64 is not implemented, any hint?

• #9

MaBe

got it

signature = HmacSHA256(token, secret);
print(btoa(String.fromCharCode.apply(null, signature)));

• #10

MaBe

Using module hmac256 to create JSON Web Token. A PR is wating for verification and comments.

const HMAC = require('hmac2256');
HmacSHA256 = function(token, secret) {
      var hmac = HMAC.SHA256(E.toArrayBuffer(secret));
     return btoa(String.fromCharCode.apply(null,  hmac.digest(E.toArrayBuffer(token)))).replace(/=+$/, ''); 
};

var header = { "alg": "HS256", "typ": "JWT"};
var data = { "id": 1337,"username": "john.doe"};
var secret = "My very confidential secret!";
var encodedHeader = btoa(JSON.stringify(header));
var encodedData = btoa(JSON.stringify(data));
var token = encodedHeader + "." + encodedData;
var signature = HmacSHA256(token, secret);
var jwt = (token+'.'+signature);

Post a reply
- Bold
- Italics
- Link
- Image
- List
- Quote
- code
- Preview
Formatting Help

Don't worry about formatting, just type in the text and we'll take care of making sense of it. We will auto-convert links, and if you put asterisks around words we will make them bold.

Tips:

Create headers by underlining text with ==== or ----

To *italicise* text put one asterisk each side of the word

To **bold** text put two asterisks each side of the word

Embed images by entering:
![](https://www.google.co.uk/images/srpr/logo4w.png)
That's the hard one: exclamation, square brackets and then the URL to the image in brackets.

* Create lists by starting lines with asterisks

1. Create numbered lists by starting lines with a number and a dot

> Quote text by starting lines with >

Mention another user by @username

For syntax highlighting, surround the code block with three backticks:

```
Your code goes here
```
Just like Github, a blank line must precede a code block.

If you upload more than 5 files we will display all attachments as thumbnails.

For a full reference visit the Markdown syntax.

Creating JWT and signing it

About

Creating JWT and signing it

Actions

Creating JWT and signing it

Formatting Help

About

Creating JWT and signing it

Actions

Espruino