popcorn hacks JWT

_notebooks/2023-12-19-JWTLesson.ipynb

@@ -386,13 +386,13 @@
     "        String payload = \"{\\\"sub\\\":\\\"\" + subject + \"\\\",\\\"iat\\\":\" + System.currentTimeMillis() / 1000 +\n",
     "                \",\\\"exp\\\":\" + expirationTimeMillis / 1000 + \"}\"; // payload\n",
     "\n",
-    "        String encodedHeader = base64UrlEncode(header); // both lines are algorithm\n",
-    "        String encodedPayload = base64UrlEncode(payload);\n",
+    "        String encodedHeader = base64UrlEncode(header); // base64Url encoding of header\n",
+    "        String encodedPayload = base64UrlEncode(payload); // base64Url encoding of payload\n",
     "\n",
     "        String dataToSign = encodedHeader + \".\" + encodedPayload;\n",
     "        String signature = signData(dataToSign, secretKey); // signature\n",
     "\n",
-    "        return dataToSign + \".\" + signature;\n",
+    "        return dataToSign + \".\" + signature; // JWT: header.payload.signature\n",
     "    }\n",
     "\n",
     "    private static String base64UrlEncode(String input) {\n",
@@ -405,14 +405,14 @@
     "            SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), \"HmacSHA256\");\n",
     "            sha256Hmac.init(secretKeySpec);\n",
     "            byte[] signature = sha256Hmac.doFinal(data.getBytes(StandardCharsets.UTF_8));\n",
-    "            return base64UrlEncode(new String(signature, StandardCharsets.UTF_8));\n",
+    "            return base64UrlEncode(new String(signature, StandardCharsets.UTF_8)); // base64Url encoding of signature\n",
     "        } catch (Exception e) {\n",
     "            throw new RuntimeException(\"Error signing JWT\", e);\n",
     "        }\n",
     "    }\n",
     "}\n",
     "\n",
-    "JwtGenerator.main(null);"
+    "JwtGenerator.main(null);\n"
    ]
   },
   {