Hello, not sure if this is the right place for this, but i have to decode a JWT Secrete token and convert it to JSON. I don’t know why the guy i’m working with is doing it this way, he told me to install this library,
But it seems way out of date, i got an error on decoding that seems to be the plugin’s fault… Is there any other way to decode a JWT file? Or is the first link usable, i just need to import it somehow?
No, of course it’s not. It’s written in ruby. So it can not be used in Unity.
Why do you think it’s out of date? Because you
?
Json Web Tokens just provide a general framework which is actually very simple. However a WebToken could use different algorithms for the signature. The used algorithm is specified in the header of the JWT. As you may know a JWT consists of 3 parts which are separated by a dot. The first part is the header, the second part the payload and the third part is the signature. All 3 parts are simply base64 encoded, but with the URL-safe variant where “/” is replaced by “_” and “+” is replaced by “-”. The header is plain json text which tells you about the used algorithm. The payload is often times also just plain json text while the signature is usually a byte stream of the signature of header and payload.
It’s not even clear what you want to do with those web tokens. Common things you want to do are:
Verify that the token is valid by checking the signature against the header / payload
extract information from the payload.
The C# library you mentioned above should work just fine. However it only supports
“HS384”, “HS512” and "HS256
HS256
" as signature algorithm. If the token you’re using uses a different one, it can not be verified with this library. JWT is a quite open standard and in theory you could use any potential signature algorithm. However that doesn’t mean that every client / peer has to understand / support this algorithm. The standard only defines that “HS256” and “none” must be supported. Any other algorithm is application specific.
The reason i think it’s out of date is, well, it’s 8 years old, and i got an error(in one of the plugin’s scripts) after inputting a test token, which i was able to convert to a JSON with an online decoder of sorts?
The JW token uses HS256, it’s basically just an encoded JSON file that i need to convert into a class that contains the user ID, lives left, and some other info. So, is there some way to decode it manually?
Edit: I tried a bit more to get that plugin working, it’s getting a key not found error here at this line, https://imgur.com/a/4qWsiip
I tried even making a test JWT and decoding it, and it gave the same error, so that’s why i think it’s out of date lol
The specification of JWTs hasn’t changed in the last 9 years, so any claim that it may be out of date is unsubstantiated. Just because something is old doesn’t mean it’s outdated. Well it may contain a bug, though it doesn’t really look like it.
I will start ignoring posts like this in the future. Errors are quite specific. They actually contain a destription in english as well as an exact line and column where the error occured. You have this information, we don’t, Even after several posts you only vaguely talk about “some error”. When sharing code snippets here, use code tags here in the forum and don’t post images of code.
Maybe your JWT is encrypted? We can’t really tell. You can use this cyber-chef widget I quickly thrown together to split a JWT into it’s parts and only base64 decode each part. The parts are simply shown with an empty line between them. Just paste your JWT into the input field and you should see the decoded header, payload and signature parts in the output. Of course, the signature would be giberish as it’s usually binary data / a hash value. However it allows you to actually see what the JWT is composed of, which algorithm is used and if it’s encrypted or not.
The C# JWT library does not support encrypted JWTs. JWTs can be used for countless different applications. So we don’t know what exact functionality you need. At least show us the header of your web token in case the rest is confidential. Here’s a more advanced version of the above recipe. It will beautify the json. It contains an example token.
Huh? Maybe you didn’t see my edit, i did post an image(of the code) and specified what the error was. It’s getting a key not found “alg” error at the line i highlighted in the picture. alg is the key for the algorithm i guess?
So, how can i decode it at runtime? It’s HS256. It does contain some weird gibberish on the bottom for some reason, but the json seems to be intact.
Well, the issue with this Library is that it simple doesn’t work with its default json serializer as they plugged in Unity’s JsonUtility which never worked with Dictionary objects. All the tests in the Tests folder are carried out with a different serializer that actually supports Dictionaries. So plugin a different json serializer (for example Newtonsoft’s Json.NET) and it would most likely work. Though I never used this library. It was a very early fork of JWT-dotnet which is much more advanced and supports way more algorithms now. So it probably makes much more sense to use the original
So you mean to deserialize the Json with Json.NET and then pass it in? I tried using SimpleJson and Json.NET to deserialize it but they all give the same error.
Found myself in a similar situation attempting to get a proof-of-concept JWT system working with a Unity client/server. I used the JWT-for-Unity library, installed Unity’s Json (com.unity.nuget.newtonsoft-json) via package manager, and made the following changes in DefaultJsonSerializer.cs:
public string Serialize(object obj)
{
return JsonConvert.SerializeObject(obj);
}
public T Deserialize<T>(string json)
{
return JsonConvert.DeserializeObject<T>(json);
}
And it worked fine when testing the token with https://jwt.io/
