Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples
Sergey Beryozkin <sberyozkin@gmail.com> Fri, 25 April 2014 11:06 UTC
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67D1B1A03B7 for <oauth@ietfa.amsl.com>; Fri, 25 Apr 2014 04:06:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R_tVOtbWAJPz for <oauth@ietfa.amsl.com>; Fri, 25 Apr 2014 04:06:23 -0700 (PDT)
Received: from mail-ee0-x22a.google.com (mail-ee0-x22a.google.com [IPv6:2a00:1450:4013:c00::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 0852F1A017C for <oauth@ietf.org>; Fri, 25 Apr 2014 04:06:22 -0700 (PDT)
Received: by mail-ee0-f42.google.com with SMTP id d17so2713062eek.1 for <oauth@ietf.org>; Fri, 25 Apr 2014 04:06:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=uUh8oUn43Ym9YGzx5G7xkJXRWCWGd3Vpcuof2XG4d2Q=; b=ozDL6GWdSUN31+c3l+MWmV8YXxZlykajUc0B0Mu+IjBpWRQeMWd+yN4lV+YvOsh/8b 4taruf/ZN9oxsVEeUM065hTPYJAonhov2rfIfdAWFP+3JB7dRxy47xzKCHh44OuxYNSq tdupGU6DKhLc7GOUNgxuHA1mPMtadlwoLIzy+jgfjgcA+RtmP8waBLCwUTUjt75DKvQA uoIb53jKCXRTsei5Aqiz95c0/5H0JO5Bza/Rz7WTxxoF2xrjifvStbtGCbnQfyK7Hmjg gJ/Ebv0nzMGAUBbxTQ5VLu2qTIatcQRk8DHNTIVcfvVal722havgdadQOPKxmyw2oZa7 ujyw==
X-Received: by 10.14.214.198 with SMTP id c46mr10000832eep.29.1398423976190; Fri, 25 Apr 2014 04:06:16 -0700 (PDT)
Received: from [10.36.226.2] ([80.169.137.63]) by mx.google.com with ESMTPSA id q41sm23953178eez.7.2014.04.25.04.06.15 for <oauth@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 25 Apr 2014 04:06:15 -0700 (PDT)
Message-ID: <535A41A6.1040200@gmail.com>
Date: Fri, 25 Apr 2014 12:06:14 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <535A3AF4.4060506@gmx.net>
In-Reply-To: <535A3AF4.4060506@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/RpygXduTbFvDvwJb0rBsgQ1dXqs
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 11:06:25 -0000
As far as I recall the spec example uses line separators and it can affect the output Thanks, Sergey On 25/04/14 11:37, Hannes Tschofenig wrote: > Hi all, > > As a document shepherd I have to verify the entire document and this > includes the examples as well. > > Section 3.1: > > You write: > > " > The following octet sequence is the UTF-8 representation of the JWT > Header/JWS Header above: > > [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32, > 34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125] > " > > The values IMHO are represented in Decimal code point rather than Octal > UTF-8 bytes, as stated above. > See the following online tool to see the difference: > http://www.ltg.ed.ac.uk/~richard/utf-8.cgi?input=%22&mode=char > > Note that you could also show a hex encoding instead (e.g., via > http://ostermiller.org/calc/encode.html) Hixie's decoder would then > produce the correct decoding. Here is the link to his software: > http://software.hixie.ch/utilities/cgi/unicode-decoder/utf8-decoder > (Note that this program seems to have flaws for most other options.) > > When do a Base64URL encoding of > > {"typ":"JWT","alg":"HS256"} > > then I get > > eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9 > > but your spec says: > > eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9 > > Same with {"iss":"joe","exp":1300819380,"http://example.com/is_root":true}. > > My result: > eyJpc3MiOiJqb2UiLCJleHAiOjEzMDA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ > > Your result: > eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ > > Note: I am using this online tool for Base64URL encoding: > http://kjur.github.io/jsjws/tool_b64uenc.html. > Interestingly, when I dump the data into http://jwt.io/ then I get a > correct decoding. It might well be that the kjur.github.io has a flaw. > > Just wanted to check what tool you have used to create these encodings. > > > Section 6.1: > > The example in Section 6.1 is the same as in 3.1. Maybe it would be > useful to show something different here. > > The example in Appendix A.1 is more sophisticated since it demonstrates > encryption. To verify it I would need to have a library that supports > JWE and RSAES-PKCS1-V1_5 and AES_128_CBC_HMAC_SHA_256. Which library > have you been using? > > I was wondering whether it would make sense to add two other examples, > namely for integrity protection. One example showing an HMAC-based keyed > message digest and another one using a digital signature. > > Here is a simple example to add that almost all JWT libraries seem to be > able to create and verify: > > Header: > {"alg":"HS256","typ":"JWT"} > > I use the HS256 algorithm with a shared secret '12345'. > > Body: > > {"iss":"https://as.example.com","sub":"mailto:john@example.com","nbf":1398420753,"exp":1398424353,"iat":1398420753} > > jwt.encode({"iss":"https://as.example.com","sub":"mailto:john@example.com","nbf":1398420753,"exp":1398424353,"iat":1398420753},"12345", > "HS256") > > I used http://www.onlineconversion.com/unix_time.htm to create the > date/time values: > "nbf":1398420753 --> Fri, 25 Apr 2014 10:12:33 GMT > "exp":1398424353 --> Fri, 25 Apr 2014 11:12:33 GMT > "iat":1398420753 --> Fri, 25 Apr 2014 10:12:33 GMT > > Here is the output created with https://github.com/progrium/pyjwt/ and > verified with http://jwt.io/: > eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FzLmV4YW1wbGUuY29tIiwiaWF0IjoxMzk4NDIwNzUzLCJzdWIiOiJtYWlsdG86am9obkBleGFtcGxlLmNvbSIsImV4cCI6MTM5ODQyNDM1MywibmJmIjoxMzk4NDIwNzUzfQ.0gfRUIley70bMP7hN6sMWkHwHezdrv2E1LAVcNdTsq4 > > Ciao > Hannes > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - E… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Sergey Beryozkin
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Antonio Sanso
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Brian Campbell
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Brian Campbell
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Brian Campbell
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19… Mike Jones