Decode token locally

Misaki_Kai · June 1, 2022, 12:43am

from base64 import urlsafe_b64decode
import json

token = "ey<...>n0.eyJ<...>In0.fh0<...>-WKA"

# Split the token into its encoded components
[header,payload,verify] = token.split(".")

# Pad the payload and decode
padded = payload + "="*(-len(payload) % 4)
decoded = urlsafe_b64decode(padded)
data = json.loads(decoded)

especially this one
(-len(payload) % 4)
How it will be in php?

Misaki_Kai · June 1, 2022, 12:49am

Can be close, found solution

Shipwreck_Jones · June 3, 2022, 7:44pm

You have to at specific ISD’s if you want to close it. However, have you considered posting the solution, or a link to the solution, in case future people stumble across this thread looking for an answer?

Dredwerkz · June 6, 2022, 2:41am

I don’t even know what the question is.

Qia_Kare · June 6, 2022, 9:05am

By the look of it, the decoder function requires the input to be a multiple of 4 characters and uses a modulus operation on a negative number to know how many equal signs to add to make that true. Modulus operations involving negative numbers work differently in different languages. That’s probably what’s wrong.

The modulus operator, for those who do not know, returns the remainder of a division and is written using the percent sign when writing code. 5 % 3 = 2 because 3 fits into 5 once with 2 left over.

The following code obtains the length of the payload using a len() function, flips its sign so that it is negative, and then does a modulus division by 4. The result of this operation is how many equal signs are padded onto the payload to hopefully make it an even multiple of 4.
(-len(payload) % 4)

In python, lengths of 4, 5, 6, and 7 would return results of 0, 3, 2, and 1 because in python taking the modulus of a negative number returns the inverse remainder.
5 % 3 = 2, but -5 % 3 = 1

Results:
4 + 0 = 4
5 + 3 = 8
6 + 2 = 8
7 + 1 = 8

All of these are totals neatly divisible by 4.

In PHP, lengths of 4, 5, 6, and 7 would return 0, 1, 2, and 3 because the negative sign is ignored.

Results:
4 + 0 = 4
5 + 1 = 6
6 + 2 = 8
7 + 3 = 10

Adding these together produces a result divisible by 4 only half the time. That’s bad ju ju, and why trying to copy this exactly from python to PHP would not work as expected.

This article contains more information:

system1 · September 4, 2022, 9:06am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to get a JWT Token via Oauth SSO Third Party Developers	4	390	October 17, 2022
Having trouble with getting tokens using v2 oauth Third Party Developers	1	509	March 9, 2019
[SOLVED] Unknown grant_type: 'authorization_code' Third Party Developers	6	810	December 6, 2018
Authentication Flow - Verify the authorization code Third Party Developers	11	847	July 14, 2018
Need some help with Code Auth Third Party Developers	11	544	December 7, 2018

Decode token locally

Related topics