'jsonWebtoken nodeJs wielding different results compared to https://jwt.io/
I'm trying to get a jsonWebtoken with jwt.sign(payload, secretOrPrivateKey, [options, callback]) but I just can't reproduce the same value which is created online on: https://jwt.io/#debugger-io
HeaderPart: { "alg": "HS256" }
PayloadPart: { "sub": "0ed971b7ee04e9aeab20b00a0edbbd9d06f4bf4bfb7cee96fa3066a2c65eb319" }
SecretKey: "458ee9b7330d3e05faf6e60d3fa3a684e110668263bd0db285863a380de21c41"
Using https://jwt.io/#debugger-io I get the following token which matches the one from the documentation I saw:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJSNGpONjRUSU5tUzJZeTBOYW1IamFFSDZQcTB1MjFlQ09WWHNhTTFxMEgyMEdIMm1oQlA0WG1Gd1hVbGNuWHl2In0.QaPYHUiSKmQp1yVBiOSGtRxukEKVMrVy0a9Y_9qZSoc
Using jwt.sign:
const bearerToken = jwt.sign(
{
sub: '0ed971b7ee04e9aeab20b00a0edbbd9d06f4bf4bfb7cee96fa3066a2c65eb319'
},
'458ee9b7330d3e05faf6e60d3fa3a684e110668263bd0db285863a380de21c41');
Value = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJSNGpONjRUSU5tUzJZeTBOYW1IamFFSDZQcTB1MjFlQ09WWHNhTTFxMEgyMEdIMm1oQlA0WG1Gd1hVbGNuWHl2IiwiaWF0IjoxNjUxODMyOTE5fQ._FOsHb-RKP8kXpYOaJpoY8x4ijAFXnRBq67oQeflpyE
Since jwt automatically adds {typ: "JWT"} to the header if the payload is an object it makes sense that there's a difference. I read that you can unset a header if you set its value to undefined
const bearerToken2 = jwt.sign(
{
sub: 'R4jN64TINmS2Yy0NamHjaEH6Pq0u21eCOVXsaM1q0H20GH2mhBP4XmFwXUlcnXyv'
},
'lGQmeQJ9tEz0es3V91PdnOIb_IoUNCkvGMyAc4HC6g2-5ZzKeubqPQ',
{
header: { typ: undefined }
});
VALUE = eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJSNGpONjRUSU5tUzJZeTBOYW1IamFFSDZQcTB1MjFlQ09WWHNhTTFxMEgyMEdIMm1oQlA0WG1Gd1hVbGNuWHl2IiwiaWF0IjoxNjUxODMyOTE5f Q.jEP-QI6JYZnLk50M-Af6T7QXPIm10CRhC0KV8l0pi0Q
Still no luck so I looked into the sign.js sourceCode
var header = Object.assign({
alg: options.algorithm || 'HS256',
typ: isObjectPayload ? 'JWT' : undefined,
kid: options.keyid
}, options.header);
there I removed the "typ" property from the header than I get the following VALUE = eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJSNGpONjRUSU5tUzJZeTBOYW1IamFFSDZQcTB1MjFlQ09WWHNhTTFxMEgyMEdIMm1oQlA0WG1Gd1hVbGNuWHl2IiwiaWF0IjoxNjUxODMzMDcyfQ .oDkgJ1ARtqeSDUPaNqhbjJGHuT1piSKHHgj_PQSvcxQ
Maybe I completely misunderstood what https://jwt.io/ and jsonwebtoken do.
Hope someone can help me.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|