Bug 64030 - New function or controler JWT decode
Summary: New function or controler JWT decode
Status: NEW
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 5.2.1
Hardware: PC All
: P2 enhancement (vote)
Target Milestone: JMETER_5.2
Assignee: JMeter issues mailing list
Depends on:
Reported: 2019-12-24 10:23 UTC by Sebastian Boga
Modified: 2019-12-26 11:42 UTC (History)
1 user (show)

Simple implementation of a JWT decode function for HMACs (10.32 KB, patch)
2019-12-25 10:55 UTC, Felix Schumacher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Boga 2019-12-24 10:23:57 UTC
We need to decode JWT information directly in JMeter.
Can we have a function to do this for us?

Note: we, as testers we decode the information inside JWT using the website https://jwt.io/
Comment 1 Felix Schumacher 2019-12-25 10:55:58 UTC
Created attachment 36930 [details]
Simple implementation of a JWT decode function for HMACs

This is a sample (and simple) implementation of a JWT decode function, that implements HS256-HS512 JWT tokens. 

What does it support:
 * HS256-HS512
 * Decodes the payload to string
 * checks integrity of the JWT when the shared secret is given

What is missing:
 * all other possible MACs
 * documentation
 * internal usage of one of the available JWT java libraries
 * thoughts about the ux
Comment 2 Philippe Mouawad 2019-12-26 11:28:39 UTC
Hello Felix,
Thanks for this patch.

Why not use one of those 3 which are license compatible with Apache and have wider support of algos ?
- https://github.com/jwtk/jjwt
- https://github.com/auth0/java-jwt 
- https://vertx.io/docs/vertx-auth-jwt/js/

I would avoid using minidev json-smart as it seems it has no activity anymore