JWT JSON Web Token (1 Viewer)

nhorton79

Registered User.
Local time
Tomorrow, 04:48
Joined
Aug 17, 2015
Messages
147
Has anyone had any experience with JWTs.

I’m currently working on an OAuth2 authenticator for Xero and they’ve decided to suddenly start returning the access tokens in a JWT.😞

Would appreciate any help or a good point in the right direction.
 

nhorton79

Registered User.
Local time
Tomorrow, 04:48
Joined
Aug 17, 2015
Messages
147
Hey cheekybuddha,

I'm wanting to decode a JWT to get the payload in VBA.

I suppose I’ll need to decrypt using HMAC SHA256 or RSA.

I was wondering whether anyone had done anything like this in VBA before.
 

nhorton79

Registered User.
Local time
Tomorrow, 04:48
Joined
Aug 17, 2015
Messages
147
I managed to sort this. It is an adaption of something I found on Github and converted to VBA.
There was a LOT more code including Verify functions, but I kept just the code necessary to do the job (there is a little extra here that I didn't need but which may help someone else to handle JWT)

Code:
Public Function Decode(token As String, Optional key As String = "", Optional verifySignature As Boolean = False) As String

    Dim parts() As String: parts = Split(token, ".")
    
    If (UBound(parts) - LBound(parts) + 1) <> 3 Then
        Msgbox "JWT Decode : Token must consist from 3 delimited by dot parts"
        Decode = Null
        Exit Function
    End If
    
    ' End if (parts.Length != 3)
    Dim header As String: header = parts(0)
    Dim payload As String: payload = parts(1)
    Dim crypto() As Byte: crypto = Base64URLDecode(parts(2))

    Dim headerJson As String
    Dim payloadJson As String
    
    Dim myConverter As Object
    Set myConverter = CreateObject("System.Text.UnicodeEncoding") 'used unicode instead of utf8

    headerJson = myConverter.GetString(Base64URLDecode(header))
    payloadJson = myConverter.GetString(Base64URLDecode(payload))
    
    'convert header and payload into json object so we can check data in a verify function (TODO)
    Dim headerData As Object
    Set headerData = JsonConverter.ParseJson(headerJson)
    Set payloadData = JsonConverter.ParseJson(payloadJson)
    
    If verifySignature Then
        'Add code here later if I want to verify the JWT
    End If

    Decode = payloadJson
    
End Function

I also had to write the Base64URLDecode function, which incorporated Tim Hall's Base64Decode from his WebHelpers in VBA-WEB.

Code:
Public Function Base64URLDecode(strInput As String) As Byte()

    Dim output As Variant
    output = strInput
    
    output = Replace(output, "-", "+") ' 62nd char of encoding
    output = Replace(output, "_", "/") ' 63rd char of encoding
    
    Select Case (Len(output) Mod 4) ' Pad with trailing '='s
    
        Case 0:
            ' No pad chars in this case
        Case 1:
            output = output + "==="
            ' Three pad chars
        Case 2:
            output = output + "=="
            ' Two pad chars
        Case 3:
            output = output + "="
            ' One pad char
        Case Else:
            Msgbox "Illegal base64url string!"
    
    End Select
    
    Dim converted As Variant
    converted = Base64Decode(output)
    
    Base64URLDecode = converted

End Function

If anyone wants to further the verify function, I've made use of VBA-JSON (also by Tim Hall) to make access to the token claims easier.
 

cheekybuddha

AWF VIP
Local time
Today, 15:48
Joined
Jul 21, 2014
Messages
2,237
Brilliant! Thanks for sharing your results. Will look forward to testing at some stage in the future.

Please will you provide links to:
1. something I found on Github
2. Tim Hall's [Base64Decode from his WebHelpers] in VBA-WEB
3. VBA-JSON (also by Tim Hall)
 

theDBguy

I’m here to help
Staff member
Local time
Today, 08:48
Joined
Oct 29, 2018
Messages
21,358
Brilliant! Thanks for sharing your results. Will look forward to testing at some stage in the future.

Please will you provide links to:
1. something I found on Github
2. Tim Hall's [Base64Decode from his WebHelpers] in VBA-WEB
3. VBA-JSON (also by Tim Hall)
Please pardon me for jumping in... Here's one of the links. I have it, because I also use it. Cheers!
 

theDBguy

I’m here to help
Staff member
Local time
Today, 08:48
Joined
Oct 29, 2018
Messages
21,358
Please pardon me for jumping in... Here's one of the links. I have it, because I also use it. Cheers!
And while we're on the subject of Tim Hall's tools, I just tried using this, but it didn't work for me. I tried the supplied Test() function, but I got a Type Mismatch error. Would someone like to test it and let us know if it works? Thanks!
 

Users who are viewing this thread

Top Bottom