I was just trying out JWT tokens on a Rails app, using this jwt library.
JWT.encode({sss: "333"}, 'SECRET_KEY')
#returned below token
"eyJhbGciOiJIUzI1NiJ9.eyJzc3MiOiIzMzMifQ.CwX_1FztYHVpyx_G27u938SceilsVc5AB5Akwqlo2HA"
Then I decoded using the above token
JWT.decode("eyJhbGciOiJIUzI1NiJ9.eyJzc3MiOiIzMzMifQ.CwX_1FztYHVpyx_G27u938SceilsVc5AB5Akwqlo2HA", 'SECRET_KEY')
#returns below response correctly
[{"sss"=>"333"}, {"alg"=>"HS256"}]
But if I try to change the last letter of the token to B instead of the current A, it is still returning the same response, which is weird
JWT.decode("eyJhbGciOiJIUzI1NiJ9.eyJzc3MiOiIzMzMifQ.CwX_1FztYHVpyx_G27u938SceilsVc5AB5Akwqlo2HB", 'SECRET_KEY')
#Getting this response even though the token I provided is wrong
[{"sss"=>"333"}, {"alg"=>"HS256"}]
Actually, I am getting the same response for all characters up to D
If I use F and others above, then it's showing an error as expected
>> JWT.decode("eyJhbGciOiJIUzI1NiJ9.eyJzc3MiOiIzMzMifQ.CwX_1FztYHVpyx_G27u938SceilsVc5AB5Akwqlo2HF", 'SECRET_KEY')
JWT::VerificationError (Signature verification raised)
from (irb):34
What could be the reason for this? Is it a bug or am I doing something wrong here?
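The behaviour described in the post matches how base64url works: a 32-byte HS256 signature is written as 43 characters carrying 258 bits, so the last 2 bits of the final character are not part of the signature. The Ruby below is an added example, not part of the original post and not the jwt library's code; it decodes the signature segment from the post by hand to show which final characters give the same bytes. The helper names (`b64url_decode_with_leftover`, `canonical_b64url?`, `signature_variants`) are hypothetical.

```ruby
# Added example: hand-written base64url decoder that exposes the leftover
# bits a lenient decoder silently discards. Not code from the jwt gem.
ALPHABET = [*'A'..'Z', *'a'..'z', *'0'..'9', '-', '_'].freeze
INDEX = ALPHABET.each_with_index.to_h.freeze

# Returns [decoded_bytes, leftover_bits] for an unpadded base64url string.
def b64url_decode_with_leftover(str)
  bits = str.each_char.map { |ch|
    value = INDEX.fetch(ch) { raise ArgumentError, "invalid character #{ch.inspect}" }
    value.to_s(2).rjust(6, '0')              # each character carries 6 bits
  }.join
  usable = bits.length - (bits.length % 8)   # only whole bytes are kept
  [[bits[0, usable]].pack('B*'), bits[usable..]]
end

# Canonical encodings have every leftover bit set to zero (RFC 4648, section 3.5).
def canonical_b64url?(str)
  _, leftover = b64url_decode_with_leftover(str)
  leftover.count('1').zero?
end

# Signature segment of the token in the post, minus its final character.
SIG_PREFIX = 'CwX_1FztYHVpyx_G27u938SceilsVc5AB5Akwqlo2H'

# Decodes the signature with each candidate final character.
def signature_variants(last_chars = %w[A B C D E F])
  last_chars.to_h do |ch|
    seg = SIG_PREFIX + ch
    bytes, leftover = b64url_decode_with_leftover(seg)
    [ch, { last_byte: bytes.unpack1('H*')[-2..],
           leftover: leftover,
           canonical: canonical_b64url?(seg) }]
  end
end

signature_variants.each { |ch, info| puts "#{ch}: #{info}" }
```

A, B, C and D decode to the same 32 signature bytes, so the HMAC comparison sees no change; E and F alter a real signature bit and fail verification. Where raw token strings are used as keys (revocation lists, caches, replay checks), compare the decoded bytes or reject non-canonical encodings, since several strings map to one valid signature.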