Re: JWT payloads break b64dec convertor

2018-05-28 Thread Benoît GARNIER
Le 28/05/2018 à 10:19, Adis Nezirovic a écrit : > On 05/26/2018 04:27 PM, Jonathan Matthews wrote: >> Hello folks, >> >> The payload (and other parts) of a JSON Web Token (JWT, a popular and >> growing auth standard: https://tools.ietf.org/html/rfc7519) is base64 >> encoded. >> >> Unfortunately,

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Aleksandar Lazic
12:34 PM To: Jonathan Matthews Cc: Willy Tarreau ; haproxy Subject: Re: JWT payloads break b64dec convertor On 28/05/2018 15:10, Jonathan Matthews wrote: On Mon, 28 May 2018 at 14:26, Willy Tarreau wrote: On Mon, May 28, 2018 at 01:43:41PM +0100, Jonathan Matthews wrote: > Improveme

RE: JWT payloads break b64dec convertor

2018-05-28 Thread Norman Branitsky
https://en.wikipedia.org/wiki/The_C_Programming_Language -Original Message- From: Aleksandar Lazic Sent: Monday, May 28, 2018 12:34 PM To: Jonathan Matthews Cc: Willy Tarreau ; haproxy Subject: Re: JWT payloads break b64dec convertor On 28/05/2018 15:10, Jonathan Matthews wrote

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Aleksandar Lazic
On 28/05/2018 15:10, Jonathan Matthews wrote: On Mon, 28 May 2018 at 14:26, Willy Tarreau wrote: On Mon, May 28, 2018 at 01:43:41PM +0100, Jonathan Matthews wrote: > Improvements and suggestions welcome; flames and horror -> /dev/null ;-) Would anyone be interested in adding two

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Willy Tarreau
On Mon, May 28, 2018 at 03:10:01PM +0100, Jonathan Matthews wrote: > On Mon, 28 May 2018 at 14:26, Willy Tarreau wrote: > > > On Mon, May 28, 2018 at 01:43:41PM +0100, Jonathan Matthews wrote: > > > Improvements and suggestions welcome; flames and horror -> /dev/null ;-) > > > >

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Jonathan Matthews
On Mon, 28 May 2018 at 14:26, Willy Tarreau wrote: > On Mon, May 28, 2018 at 01:43:41PM +0100, Jonathan Matthews wrote: > > Improvements and suggestions welcome; flames and horror -> /dev/null ;-) > > Would anyone be interested in adding two new converters for this, > working

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Willy Tarreau
On Mon, May 28, 2018 at 01:43:41PM +0100, Jonathan Matthews wrote: > Improvements and suggestions welcome; flames and horror -> /dev/null ;-) Would anyone be interested in adding two new converters for this, working exactly like base64/b64dec but with the URL-compatible base64 encoding instead ?

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Jonathan Matthews
On 28 May 2018 at 12:32, Jonathan Matthews wrote: > I think with your points and ccripy's sneaky (kudos!) padding > insertion, I can do something which suffices for my current audit > needs. For the list, here's my working v1 that I ended up with. I'm sure various things

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Jonathan Matthews
On 28 May 2018 at 09:19, Adis Nezirovic wrote: > On 05/26/2018 04:27 PM, Jonathan Matthews wrote: >> Hello folks, >> >> The payload (and other parts) of a JSON Web Token (JWT, a popular and >> growing auth standard: https://tools.ietf.org/html/rfc7519) is base64 >>

Re: JWT payloads break b64dec convertor

2018-05-28 Thread Adis Nezirovic
On 05/26/2018 04:27 PM, Jonathan Matthews wrote: > Hello folks, > > The payload (and other parts) of a JSON Web Token (JWT, a popular and > growing auth standard: https://tools.ietf.org/html/rfc7519) is base64 > encoded. > > Unfortunately, the payload encoding (specified in >

Re: JWT payloads break b64dec convertor

2018-05-27 Thread cripy
while probably not the most ideal solution... i found a quick method to do this using the builtin converters within the configuration to append the padding where necessary. here is an example: log-format %[var(txn.jwtpayload),b64dec] http-request set-var(txn.jwtpayload) req.hdr('x-jwtpayload')

JWT payloads break b64dec convertor

2018-05-26 Thread Jonathan Matthews
Hello folks, The payload (and other parts) of a JSON Web Token (JWT, a popular and growing auth standard: https://tools.ietf.org/html/rfc7519) is base64 encoded. Unfortunately, the payload encoding (specified in https://tools.ietf.org/html/rfc7515) is defined as the "URL safe" variant. This