I did this; it wasn't easy, possibly due to my lack of knowledge. I combed through the CAS source code to find the bits involved and simply emulated them as they are all to spec. workings.

I didn't see any directly exposed CAS APIs for this; they were all internal.

I made extensive use of the jose4j library to deal with the JWT tokens etc etc.

https://bitbucket.org/b_c/jose4j/wiki/Home

Look around in the source for

CipherExecutor

EncodingUtils

for hints.

There are multiple layers (sorry, can't remember the details). The JWT component itself has signature and hashes and then the JWT itself is additionally encrypted before being stored in TOTP databases. Keep in mind that there are secrets involved that, once shared, expose every token.

Not sure if this was much help.


Colin

On 11/11/20 3:58 PM, Jeffrey Ramsay wrote:
Hello -

I am hoping someone can point me in the right direction regarding JWT used with CAS and which api is used to decode/decrypt them. I want to be able to decode the GAUTH secret for third-party access.

Base64 decoding the string produces these headers.

{"alg":"HS512","typ":"JWT"}
{"zip":"DEF","alg":"dir","enc":"A256GCM","cty":"JWT","typ":"JWT"}

Thanks,
-Jeff
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas <https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOSO_RDcdt3OCezQ927d8VcDzfK0txvq9Oabc82Lj0tcFQ%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOSO_RDcdt3OCezQ927d8VcDzfK0txvq9Oabc82Lj0tcFQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
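
Added example, not part of either message above and not CAS or jose4j code: a Python sketch that walks the nested JOSE layers of a compact token and reports each protected header, which is how the two headers quoted in the question come about, and that checks the HS512 signature in constant time before the payload is trusted. The sample token and key are constructed, and the nesting order (JWS outside, JWE inside) is an assumption taken from the order of the headers in the question.

```python
import base64
import hashlib
import hmac
import json


def b64u_decode(seg):
    # JOSE uses unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def describe_layers(token):
    """Return (kind, header) for each nested JOSE layer, outermost first."""
    layers = []
    while True:
        parts = token.split(".")
        if len(parts) not in (3, 5):  # 3 segments = JWS, 5 = JWE
            break
        try:
            header = json.loads(b64u_decode(parts[0]))
            if not isinstance(header, dict) or "alg" not in header:
                break
            if len(parts) == 5:
                layers.append(("JWE", header))  # body is ciphertext; stop
                break
            layers.append(("JWS", header))
            token = b64u_decode(parts[1]).decode("ascii")
        except ValueError:  # bad base64, bad JSON or non-ASCII payload
            break
    return layers


def verify_hs512(token, key):
    """Constant-time check of an HS512 JWS signature before trusting its payload."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode(), hashlib.sha512).digest()
    try:
        return hmac.compare_digest(expected, b64u_decode(sig))
    except ValueError:
        return False


# Constructed sample (no real CAS token or key): a dummy JWE wrapped in a JWS.
DEMO_KEY = b"constructed-demo-signing-key"
INNER = ".".join([b64u_encode(b'{"zip":"DEF","alg":"dir","enc":"A256GCM","cty":"JWT","typ":"JWT"}'),
                  "", b64u_encode(bytes(12)), b64u_encode(b"dummy"), b64u_encode(bytes(16))])
_signed = b64u_encode(b'{"alg":"HS512","typ":"JWT"}') + "." + b64u_encode(INNER.encode())
SAMPLE = _signed + "." + b64u_encode(hmac.new(DEMO_KEY, _signed.encode(), hashlib.sha512).digest())
```

With "alg":"dir" the second JWE segment is empty because the shared symmetric key is used directly as the A256GCM content key, and "zip":"DEF" means the plaintext is DEFLATE-compressed before encryption.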
