Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Decode JWT TCL

Status
Not open for further replies.

DuuTz

Programmer
Dec 1, 2022
3
BR
Goodnight.
I'm trying to find a way to decode a jwt using only the TCL, does anyone have it or know a way to do it?

JWT Exemple.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
 
There are several variants - with/without signaturea, with/without encryption. Does what you want to decode have encryption or signatures? If it is just a plain JWT, it could be possible but with signatures and/or encryption, it is quite unlikely that you can do anything with it unless you know the encryption keys and where the keys/signature lies in the token.
 
Hey. Thanks for replying, they are. Simple jwts, no encryption or signature.
 
I searched for JWT and found modules for Perl, Python, Ruby.
But for Tcl i found only this library: I tried it, but could not figure out, how to decode your example with it.

In contrast, with Python I was done quickly:
Code:
>>> import jwt

>>> jwt_options = {
        'verify_signature': False,
        'verify_exp': False,
        'verify_nbf': False,
        'verify_iat': False,
        'verify_aud': False
    }
>>> encoded_jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

>>> jwt.decode(encoded_jwt, key="", algorithms=['HS256', ], options=wt_options)
{'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022}
>>>
 
Yeah, the challenge is to do it in tcl. I need to use this in a framework that only accepts tcl.[dazed]
 
If you don't want to program the JWT decode algorithm yourself, then IMO you have these choices:
1) use the chilkat library (link given above), but it seems that it's not free and you have to buy it.
2) use any other external program (written in any other language) which should be called from Tcl and does the work. Then the result could be used inside of your Tcl code.
Personally, I would prefer the option 2


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top