Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use JWT Token created by Python in Java

Tags:

java

python

jwt

flask-jwt-extended

I have a interesting question. I use python with Flask for a authentication service, which generates JWT Tokens with flask_jwt_extended. Thats how I generate the tokens in Python, with Flask JWT Extended.

identity = {
        "firstname": user.firstname,
        "lastname": user.lastname,
        "email": user.email,
        "uuid": user.user_uuid,
        'user_id': user.id
    }
access_token = create_access_token(identity=identity, fresh=True)

In the Configuration I specify the JWT Secret Key and the JWT Algorithm:

JWT_SECRET_KEY = "this-really-needs-to-be-changed"
JWT_ALGORITHM = "HS256"

In Java I use the jjwt library (io.jsonwebtoken, jjwt, 0.9.0), to decode the JWT I make:

Claims userJWT = Jwts.parser()
                    .setSigningKey("this-really-needs-to-be-changed")
                    .parseClaimsJwt(token)
                    .getBody();

But in Java I get a exception if I run this, I really dont understand what the problem is, because the algorithm is the same and the token.

Since hours I try now to figure out what the problem is because it makes no sense for me,

exception:

  : JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.

io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar!/:0.9.0]
like image 694
ghovat Avatar asked Mar 23 '18 21:03

ghovat

1 Answers

Probably it is an encoding issue with the keys because your java library requires a base64encoded key. See DefaultJwtParser

public JwtParser setSigningKey(String base64EncodedKeyBytes) {

Please try this: 

Claims userJWT = Jwts.parser()
                .setSigningKey(Base64.getEncoder().encodeToString("this-really-needs-to-be-changed"))
                .parseClaimsJwt(token)
                .getBody();
like image 154
pedrofb Avatar answered Oct 07 '22 21:10

pedrofb
Sign in to Comment

Related questions

Hardware backing HAL too slow, could only write 0 of 720 frames
Java 9 - add jar dynamically at runtime
Serialize fields in custom exception in Java
How to check the health of embedded tomcat in spring boot application?
Cassandra java driver set global consistency level
How to pass a function as a parameter in java
ModelMapper - Converter/ AbstractConverter vs Provider
Failed to use Appium + Android Studio 3.0 + Java 8
Set JVM option for avoid error Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 [duplicate]
How to sort recyclerView right
Kafka Consumer: Stop processing messages when exception was raised
"Unrecognized token 'com': was expecting ('true', 'false' or 'null')"
spring boot and spring security custom login page and controller
Spark WS Framework Filter being called twice
How can I throw an exception for an illegal reflective access warning?
Generating an AWS Signature v4 signature for uploading to s3 (migration from v2)
Socket read timeout under windows: strange hardcode in native method
ProcessHandle onExit has empty data
Starting Intellij IDEA from icon on linux: No JDK found
Best practice to 'rollback' REST method calls inside method

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!