Validate a token with no base 64 signin key #1067

Answered by SvenRtbg
marinobmp asked this question in Q&A
The HS512 algorithm supposedly just uses the string you pass. So if your JWT exchange only works if you base64 encode the signing key on Java side, maybe think about how that key got into PHP, and maybe use base64decode before you pass the key into the signing. You could also use base64Encoded() instead of plainText() to base64-decode the key right away.

To rephrase it: The key has no formal format to follow for this algorithm besides being of a minimum length in bits, so it does not matter if a string of a certain length does not contain any nonprintable characters because that was the random output, or because it is the result of base64-encoding binary output. Base64encoded strings are …

SvenRtbg Jul 5, 2024
Collaborator

Answer selected by lcobucci
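
The mismatch discussed in the answer, as an added example that is not part of the original discussion or the library's code: an HS512 token signed with the base64-decoded key bytes fails verification when the other side feeds the same configured string to HMAC as plain text. It uses Python's standard library rather than the PHP library; the key value and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample secret: 64 raw bytes, handed around as base64 text.
RAW_KEY = bytes(range(64))
KEY_TEXT = base64.b64encode(RAW_KEY).decode("ascii")


def key_from_plain_text(text: str) -> bytes:
    """Use the configured string as-is (the plainText() style of loading)."""
    return text.encode("utf-8")


def key_from_base64(text: str) -> bytes:
    """Base64-decode the configured string first (the base64Encoded() style)."""
    return base64.b64decode(text, validate=True)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs512(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS512", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha512).digest()
    return f"{header}.{payload}.{b64url(mac)}"


def verify_hs512(token: str, key: bytes) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header, payload, signature = parts
    try:
        padded = header + "=" * (-len(header) % 4)
        alg = json.loads(base64.urlsafe_b64decode(padded)).get("alg")
    except (ValueError, AttributeError):
        return False
    if alg != "HS512":  # pin the algorithm, never trust the header's choice
        return False
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha512).digest()
    return hmac.compare_digest(b64url(mac).encode(), signature.encode())
```

Either interpretation of the string is a usable HMAC key on its own; verification only succeeds when issuer and verifier derive the same bytes from it.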