In [1]:
%load_ext autoreload
%autoreload 2

In [2]:
from package.keypair_management import KeyPairManagement

km = KeyPairManagement(directory='./test_keypair')

In [3]:
from package.jwt_management import ClientJWTManagement, ServerJWTManagement

In [4]:
client = ClientJWTManagement(dpop_lifetime=60*60)

# Convert Public Key to Public JWK

In [5]:
public_key_bytes = km.load_public_key_from_pem()
public_key_jwk = client.encode_pem_to_jwk(public_key_bytes)
public_key_jwk

{'kty': 'RSA',
 'n': 'jPazKcy46avG2L7VMSDCu8JfsqFpdzka_BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0-zh6bDe5ZdE8jcTBGDVAgQIIeGQ-27Icp2wQSYK2NclsV89k_AXMw11TcAe6H-ylce-B74180K--fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2-nyZC8UBBwRwhzq1DWVpELybVbzl_Y0Eh56bRc8bfA1bN5st6KLmyv-zkI6KjO6wHqtloiGwpsRUWw',
 'e': 'AQAB',
 'kid': '47bikqx2-HidGIgfd7vnFkO5-l5fEL1_4MacRdJvxPY'}

# Convert Public JWK to Public Key

In [6]:
public_key_bytes

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPazKcy46avG2L7VMSDC\nu8JfsqFpdzka/BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLe\njQFyLc9uOUFAOw0+zh6bDe5ZdE8jcTBGDVAgQIIeGQ+27Icp2wQSYK2NclsV89k/\nAXMw11TcAe6H+ylce+B74180K++fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzF\nkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2+nyZC8UBBwRw\nhzq1DWVpELybVbzl/Y0Eh56bRc8bfA1bN5st6KLmyv+zkI6KjO6wHqtloiGwpsRU\nWwIDAQAB\n-----END PUBLIC KEY-----\n'

In [7]:
client.decode_public_jwk_to_pem(public_key_jwk)

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPazKcy46avG2L7VMSDC\nu8JfsqFpdzka/BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLe\njQFyLc9uOUFAOw0+zh6bDe5ZdE8jcTBGDVAgQIIeGQ+27Icp2wQSYK2NclsV89k/\nAXMw11TcAe6H+ylce+B74180K++fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzF\nkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2+nyZC8UBBwRw\nhzq1DWVpELybVbzl/Y0Eh56bRc8bfA1bN5st6KLmyv+zkI6KjO6wHqtloiGwpsRU\nWwIDAQAB\n-----END PUBLIC KEY-----\n'

In [8]:
public_key_bytes==client.decode_public_jwk_to_pem(public_key_jwk)

True

# Convert Private Key to Private JWK

In [9]:
private_key_bytes = km.load_private_key_from_pem()
private_key_jwk = client.encode_pem_to_jwk(private_key_bytes)
private_key_jwk

{'kty': 'RSA',
 'n': 'jPazKcy46avG2L7VMSDCu8JfsqFpdzka_BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0-zh6bDe5ZdE8jcTBGDVAgQIIeGQ-27Icp2wQSYK2NclsV89k_AXMw11TcAe6H-ylce-B74180K--fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2-nyZC8UBBwRwhzq1DWVpELybVbzl_Y0Eh56bRc8bfA1bN5st6KLmyv-zkI6KjO6wHqtloiGwpsRUWw',
 'e': 'AQAB',
 'd': 'N5qivrTKJiaDyACywO_O0NiR_jkMjKJighmUnoWtbG6JYsKtPpTXiAYArnIlOUjLIRvcK_78VKXD3b-SiTiNsCpnWymtLXmPOBv377-D40FnWOlUrjPgFiVKq5eH_tPDkNaaTJH1G9yp5HeIl8lUwKIrHG2VYU-xpQHCQP0icWQJJpniJks0agZJsPF95kkHi6J8g4mG-BOYQ5om_qYm54l7UzHSIdkUODDtzGHi8IXtVd8ON0FIHsBayc-LxkSy1fjtrr0_ksE5GIIRzFeEwf15bv4nbyzVss1-T-BeoxjQX5jsaWqVgjUXvOYCp6W1hPXt87AmWgd_ZWUm46gbAQ',
 'p': 'vjNEWox5DgAC_cFqNbJfjeQ2XeNObxupahRE6uG3dYtLvNjwjVNL_NdCPcANDXEyOt3hwb1VcLHgiQnz8WnSlxPGkyR3Iy2Yi7ZrFkxEK-4rqJDjDRaDnKe356WnwC4Tw7FR45d5bh50eLWZh9P_1JSnkZhZzmGjTu4nk8xqyVs',
 'q': 'vbriucb5qdyJItgJckpYKMXoGeCiXTrISf0JsfZudLyxo7FyH9tiaQ_aZAn07XKdzY3kz29Te3pTa0x

In [10]:
# use this when you want to verify signature in JWT.io
import json
print(json.dumps(private_key_jwk))

{"kty": "RSA", "n": "jPazKcy46avG2L7VMSDCu8JfsqFpdzka_BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0-zh6bDe5ZdE8jcTBGDVAgQIIeGQ-27Icp2wQSYK2NclsV89k_AXMw11TcAe6H-ylce-B74180K--fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2-nyZC8UBBwRwhzq1DWVpELybVbzl_Y0Eh56bRc8bfA1bN5st6KLmyv-zkI6KjO6wHqtloiGwpsRUWw", "e": "AQAB", "d": "N5qivrTKJiaDyACywO_O0NiR_jkMjKJighmUnoWtbG6JYsKtPpTXiAYArnIlOUjLIRvcK_78VKXD3b-SiTiNsCpnWymtLXmPOBv377-D40FnWOlUrjPgFiVKq5eH_tPDkNaaTJH1G9yp5HeIl8lUwKIrHG2VYU-xpQHCQP0icWQJJpniJks0agZJsPF95kkHi6J8g4mG-BOYQ5om_qYm54l7UzHSIdkUODDtzGHi8IXtVd8ON0FIHsBayc-LxkSy1fjtrr0_ksE5GIIRzFeEwf15bv4nbyzVss1-T-BeoxjQX5jsaWqVgjUXvOYCp6W1hPXt87AmWgd_ZWUm46gbAQ", "p": "vjNEWox5DgAC_cFqNbJfjeQ2XeNObxupahRE6uG3dYtLvNjwjVNL_NdCPcANDXEyOt3hwb1VcLHgiQnz8WnSlxPGkyR3Iy2Yi7ZrFkxEK-4rqJDjDRaDnKe356WnwC4Tw7FR45d5bh50eLWZh9P_1JSnkZhZzmGjTu4nk8xqyVs", "q": "vbriucb5qdyJItgJckpYKMXoGeCiXTrISf0JsfZudLyxo7FyH9tiaQ_aZAn07XKdzY3kz29Te3pTa0xhO9oi

# Convert Private JWK to Private Key

In [11]:
private_key_bytes

b'-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAjPazKcy46avG2L7VMSDCu8JfsqFpdzka/BghUFGjLtWhIovW\nFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0+zh6bDe5ZdE8j\ncTBGDVAgQIIeGQ+27Icp2wQSYK2NclsV89k/AXMw11TcAe6H+ylce+B74180K++f\nKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEU\njoxTxS4Ic4d7wy7EaZGz16b2+nyZC8UBBwRwhzq1DWVpELybVbzl/Y0Eh56bRc8b\nfA1bN5st6KLmyv+zkI6KjO6wHqtloiGwpsRUWwIDAQABAoIBADeaor60yiYmg8gA\nssDvztDYkf45DIyiYoIZlJ6FrWxuiWLCrT6U14gGAK5yJTlIyyEb3Cv+/FSlw92/\nkok4jbAqZ1sprS15jzgb9++/g+NBZ1jpVK4z4BYlSquXh/7Tw5DWmkyR9RvcqeR3\niJfJVMCiKxxtlWFPsaUBwkD9InFkCSaZ4iZLNGoGSbDxfeZJB4uifIOJhvgTmEOa\nJv6mJueJe1Mx0iHZFDgw7cxh4vCF7VXfDjdBSB7AWsnPi8ZEstX47a69P5LBORiC\nEcxXhMH9eW7+J28s1bLNfk/gXqMY0F+Y7GlqlYI1F7zmAqeltYT17fOwJloHf2Vl\nJuOoGwECgYEAvjNEWox5DgAC/cFqNbJfjeQ2XeNObxupahRE6uG3dYtLvNjwjVNL\n/NdCPcANDXEyOt3hwb1VcLHgiQnz8WnSlxPGkyR3Iy2Yi7ZrFkxEK+4rqJDjDRaD\nnKe356WnwC4Tw7FR45d5bh50eLWZh9P/1JSnkZhZzmGjTu4nk8xqyVsCgYEAvbri\nucb5qdyJItgJckpYKMXoGeCiXTrISf0JsfZudLyxo

In [12]:
client.decode_private_jwk_to_pem(private_key_jwk)

b'-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAjPazKcy46avG2L7VMSDCu8JfsqFpdzka/BghUFGjLtWhIovW\nFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0+zh6bDe5ZdE8j\ncTBGDVAgQIIeGQ+27Icp2wQSYK2NclsV89k/AXMw11TcAe6H+ylce+B74180K++f\nKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEU\njoxTxS4Ic4d7wy7EaZGz16b2+nyZC8UBBwRwhzq1DWVpELybVbzl/Y0Eh56bRc8b\nfA1bN5st6KLmyv+zkI6KjO6wHqtloiGwpsRUWwIDAQABAoIBADeaor60yiYmg8gA\nssDvztDYkf45DIyiYoIZlJ6FrWxuiWLCrT6U14gGAK5yJTlIyyEb3Cv+/FSlw92/\nkok4jbAqZ1sprS15jzgb9++/g+NBZ1jpVK4z4BYlSquXh/7Tw5DWmkyR9RvcqeR3\niJfJVMCiKxxtlWFPsaUBwkD9InFkCSaZ4iZLNGoGSbDxfeZJB4uifIOJhvgTmEOa\nJv6mJueJe1Mx0iHZFDgw7cxh4vCF7VXfDjdBSB7AWsnPi8ZEstX47a69P5LBORiC\nEcxXhMH9eW7+J28s1bLNfk/gXqMY0F+Y7GlqlYI1F7zmAqeltYT17fOwJloHf2Vl\nJuOoGwECgYEAvjNEWox5DgAC/cFqNbJfjeQ2XeNObxupahRE6uG3dYtLvNjwjVNL\n/NdCPcANDXEyOt3hwb1VcLHgiQnz8WnSlxPGkyR3Iy2Yi7ZrFkxEK+4rqJDjDRaD\nnKe356WnwC4Tw7FR45d5bh50eLWZh9P/1JSnkZhZzmGjTu4nk8xqyVsCgYEAvbri\nucb5qdyJItgJckpYKMXoGeCiXTrISf0JsfZudLyxo

In [13]:
private_key_bytes==client.decode_private_jwk_to_pem(private_key_jwk)

True

# Create Headers

In [14]:
headers = client.create_headers(public_key=km.load_public_key_from_pem())
headers

{'typ': 'dpop+jwt',
 'alg': 'RS256',
 'jwk': {'kty': 'RSA',
  'n': 'jPazKcy46avG2L7VMSDCu8JfsqFpdzka_BghUFGjLtWhIovWFZlCrbf8Cxlm8qqJ6gQQGbL4U6OnAmffVDLejQFyLc9uOUFAOw0-zh6bDe5ZdE8jcTBGDVAgQIIeGQ-27Icp2wQSYK2NclsV89k_AXMw11TcAe6H-ylce-B74180K--fKeyyatOcui6bpCgukrqnp7fh5Zu6mvgE9FzFkt95eO7xF4VY1r06qQ2nUKbrnfEUjoxTxS4Ic4d7wy7EaZGz16b2-nyZC8UBBwRwhzq1DWVpELybVbzl_Y0Eh56bRc8bfA1bN5st6KLmyv-zkI6KjO6wHqtloiGwpsRUWw',
  'e': 'AQAB',
  'kid': '47bikqx2-HidGIgfd7vnFkO5-l5fEL1_4MacRdJvxPY'}}

# Create Payload

In [15]:
data = {
    "username": "test",
    "password": "P@ssw0rd"
}
payload = client.create_payload(method="POST", uri="http://localhost:8000/token", data=data)
payload

{'htm': 'POST',
 'htu': 'http://localhost:8000/token',
 'iat': 1732377055,
 'exp': 1732380655,
 'jti': 'b4267935-61af-41d6-b823-aa4fceae9a99',
 'username': 'test',
 'password': 'P@ssw0rd'}

# Sign by Client

In [16]:
client_signature = client.sign_by_client(headers=headers, payload=payload, private_key=km.load_private_key_from_pem())
client_signature

'eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImtpZCI6IjQ3YmlrcXgyLUhpZEdJZ2ZkN3ZuRmtPNS1sNWZFTDFfNE1hY1JkSnZ4UFkiLCJrdHkiOiJSU0EiLCJuIjoialBhektjeTQ2YXZHMkw3Vk1TREN1OEpmc3FGcGR6a2FfQmdoVUZHakx0V2hJb3ZXRlpsQ3JiZjhDeGxtOHFxSjZnUVFHYkw0VTZPbkFtZmZWRExlalFGeUxjOXVPVUZBT3cwLXpoNmJEZTVaZEU4amNUQkdEVkFnUUlJZUdRLTI3SWNwMndRU1lLMk5jbHNWODlrX0FYTXcxMVRjQWU2SC15bGNlLUI3NDE4MEstLWZLZXl5YXRPY3VpNmJwQ2d1a3JxbnA3Zmg1WnU2bXZnRTlGekZrdDk1ZU83eEY0VlkxcjA2cVEyblVLYnJuZkVVam94VHhTNEljNGQ3d3k3RWFaR3oxNmIyLW55WkM4VUJCd1J3aHpxMURXVnBFTHliVmJ6bF9ZMEVoNTZiUmM4YmZBMWJONXN0NktMbXl2LXprSTZLak82d0hxdGxvaUd3cHNSVVd3In0sInR5cCI6ImRwb3Arand0In0.eyJodG0iOiJQT1NUIiwiaHR1IjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwiaWF0IjoxNzMyMzc3MDU1LCJleHAiOjE3MzIzODA2NTUsImp0aSI6ImI0MjY3OTM1LTYxYWYtNDFkNi1iODIzLWFhNGZjZWFlOWE5OSIsInVzZXJuYW1lIjoidGVzdCIsInBhc3N3b3JkIjoiUEBzc3cwcmQifQ.BsfA9TTIugunCRf2HZ_mmor75Hit21RYg_qNbyTejfZf8zAymDTGEU2Vd5xGpebeYOt220vnZEQtEajZvc-0arzt6Pvryw3PWxB-UdvvpJcg6WUMoQ2ctnJcaiNeYNi2R5Y-e8xFb6T9uYRTS9HBl4sR

# Verify Client's Signature

In [17]:
server = ServerJWTManagement(access_token_lifetime=60*10, refresh_token_lifetime=60*24)

In [18]:
server.verify_signature(client_signature)

Unexpected error: 'audience'


# Use Case

## Valid Signature

In [19]:
client = ClientJWTManagement(dpop_lifetime=60*5)
headers = client.create_headers(public_key=km.load_public_key_from_pem())
data = {
    "username": "test",
    "password": "P@ssw0rd"
}
payload = client.create_payload(method="POST", uri="http://localhost:8000/token", data=data)
client_signature = client.sign_by_client(headers=headers, payload=payload, private_key=km.load_private_key_from_pem())

In [20]:
server = ServerJWTManagement()
result = server.verify_signature(client_signature)
result

Unexpected error: 'audience'


## Invalid Signature: expire

In [21]:
client = ClientJWTManagement(dpop_lifetime=1)
headers = client.create_headers(public_key=km.load_public_key_from_pem())
data = {
    "username": "test",
    "password": "P@ssw0rd"
}
payload = client.create_payload(method="POST", uri="http://localhost:8000/token", data=data)
client_signature = client.sign_by_client(headers=headers, payload=payload, private_key=km.load_private_key_from_pem())

In [22]:
import time
time.sleep(2)

In [23]:
server = ServerJWTManagement()
result = server.verify_signature(client_signature)
result

Unexpected error: 'audience'


## Invalid Signature: fake

In [24]:
client = ClientJWTManagement(dpop_lifetime=60*60)
headers = client.create_headers(public_key=km.load_public_key_from_pem())
data = {
    "username": "test",
    "password": "P@ssw0rd"
}
payload = client.create_payload(method="POST", uri="http://localhost:8000/token", data=data)
client_signature = client.sign_by_client(headers=headers, payload=payload, private_key=km.load_private_key_from_pem())

In [25]:
# original payload
payload

{'htm': 'POST',
 'htu': 'http://localhost:8000/token',
 'iat': 1732377058,
 'exp': 1732380658,
 'jti': 'f07676d6-802f-49fb-9d4b-c4416e3a74b0',
 'username': 'test',
 'password': 'P@ssw0rd'}

In [26]:
# encrypted payload in signature
headers, en_payload, signature = client_signature.split(".")
en_payload

'eyJodG0iOiJQT1NUIiwiaHR1IjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwiaWF0IjoxNzMyMzc3MDU4LCJleHAiOjE3MzIzODA2NTgsImp0aSI6ImYwNzY3NmQ2LTgwMmYtNDlmYi05ZDRiLWM0NDE2ZTNhNzRiMCIsInVzZXJuYW1lIjoidGVzdCIsInBhc3N3b3JkIjoiUEBzc3cwcmQifQ'

In [27]:
# decode encoded payload
client.base64url_decode(en_payload)

'{"htm":"POST","htu":"http://localhost:8000/token","iat":1732377058,"exp":1732380658,"jti":"f07676d6-802f-49fb-9d4b-c4416e3a74b0","username":"test","password":"P@ssw0rd"}'

In [28]:
# test with original payload removing white space
json.dumps(payload).replace(" ", "").encode()

b'{"htm":"POST","htu":"http://localhost:8000/token","iat":1732377058,"exp":1732380658,"jti":"f07676d6-802f-49fb-9d4b-c4416e3a74b0","username":"test","password":"P@ssw0rd"}'

In [30]:
fake_data = {
    "username": "ahaoho",
    "password": "P@ssw0rd"
}
fake_payload = client.create_payload(method="POST", uri="http://localhost:8000/token", data=fake_data)
fake_payload = json.dumps(fake_payload).replace("", "").encode()
fake_payload

b'{"htm": "POST", "htu": "http://localhost:8000/token", "iat": 1732377092, "exp": 1732380692, "jti": "8d75f3da-96be-4dd6-a5f2-25f98393398d", "username": "ahaoho", "password": "P@ssw0rd"}'

In [31]:
en_fake_payload = client.base64url_encode(fake_payload)
en_fake_payload

'eyJodG0iOiAiUE9TVCIsICJodHUiOiAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwgImlhdCI6IDE3MzIzNzcwOTIsICJleHAiOiAxNzMyMzgwNjkyLCAianRpIjogIjhkNzVmM2RhLTk2YmUtNGRkNi1hNWYyLTI1Zjk4MzkzMzk4ZCIsICJ1c2VybmFtZSI6ICJhaGFvaG8iLCAicGFzc3dvcmQiOiAiUEBzc3cwcmQifQ'

In [32]:
client.base64url_decode(en_fake_payload)

'{"htm": "POST", "htu": "http://localhost:8000/token", "iat": 1732377092, "exp": 1732380692, "jti": "8d75f3da-96be-4dd6-a5f2-25f98393398d", "username": "ahaoho", "password": "P@ssw0rd"}'

In [33]:
en_payload

'eyJodG0iOiJQT1NUIiwiaHR1IjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwiaWF0IjoxNzMyMzc3MDU4LCJleHAiOjE3MzIzODA2NTgsImp0aSI6ImYwNzY3NmQ2LTgwMmYtNDlmYi05ZDRiLWM0NDE2ZTNhNzRiMCIsInVzZXJuYW1lIjoidGVzdCIsInBhc3N3b3JkIjoiUEBzc3cwcmQifQ'

In [34]:
tampered_signature = ".".join([headers, en_fake_payload, signature])

In [35]:
client_signature

'eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImtpZCI6IjQ3YmlrcXgyLUhpZEdJZ2ZkN3ZuRmtPNS1sNWZFTDFfNE1hY1JkSnZ4UFkiLCJrdHkiOiJSU0EiLCJuIjoialBhektjeTQ2YXZHMkw3Vk1TREN1OEpmc3FGcGR6a2FfQmdoVUZHakx0V2hJb3ZXRlpsQ3JiZjhDeGxtOHFxSjZnUVFHYkw0VTZPbkFtZmZWRExlalFGeUxjOXVPVUZBT3cwLXpoNmJEZTVaZEU4amNUQkdEVkFnUUlJZUdRLTI3SWNwMndRU1lLMk5jbHNWODlrX0FYTXcxMVRjQWU2SC15bGNlLUI3NDE4MEstLWZLZXl5YXRPY3VpNmJwQ2d1a3JxbnA3Zmg1WnU2bXZnRTlGekZrdDk1ZU83eEY0VlkxcjA2cVEyblVLYnJuZkVVam94VHhTNEljNGQ3d3k3RWFaR3oxNmIyLW55WkM4VUJCd1J3aHpxMURXVnBFTHliVmJ6bF9ZMEVoNTZiUmM4YmZBMWJONXN0NktMbXl2LXprSTZLak82d0hxdGxvaUd3cHNSVVd3In0sInR5cCI6ImRwb3Arand0In0.eyJodG0iOiJQT1NUIiwiaHR1IjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwiaWF0IjoxNzMyMzc3MDU4LCJleHAiOjE3MzIzODA2NTgsImp0aSI6ImYwNzY3NmQ2LTgwMmYtNDlmYi05ZDRiLWM0NDE2ZTNhNzRiMCIsInVzZXJuYW1lIjoidGVzdCIsInBhc3N3b3JkIjoiUEBzc3cwcmQifQ.AJ7TbRsJ8yne5WfaQ6AwPciXQ1BuNvVEanHni4xi3INpDgAjhqSoj4YrPKyzwkWqs0C5jbrJZnYIaoN3cawG38T8u-C_gjLdktUOxPfO8QhkZISs-AlZ9EHbEST50vDowCZuZhILTup9JU0LETSW1FlC

In [36]:
tampered_signature

'eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImtpZCI6IjQ3YmlrcXgyLUhpZEdJZ2ZkN3ZuRmtPNS1sNWZFTDFfNE1hY1JkSnZ4UFkiLCJrdHkiOiJSU0EiLCJuIjoialBhektjeTQ2YXZHMkw3Vk1TREN1OEpmc3FGcGR6a2FfQmdoVUZHakx0V2hJb3ZXRlpsQ3JiZjhDeGxtOHFxSjZnUVFHYkw0VTZPbkFtZmZWRExlalFGeUxjOXVPVUZBT3cwLXpoNmJEZTVaZEU4amNUQkdEVkFnUUlJZUdRLTI3SWNwMndRU1lLMk5jbHNWODlrX0FYTXcxMVRjQWU2SC15bGNlLUI3NDE4MEstLWZLZXl5YXRPY3VpNmJwQ2d1a3JxbnA3Zmg1WnU2bXZnRTlGekZrdDk1ZU83eEY0VlkxcjA2cVEyblVLYnJuZkVVam94VHhTNEljNGQ3d3k3RWFaR3oxNmIyLW55WkM4VUJCd1J3aHpxMURXVnBFTHliVmJ6bF9ZMEVoNTZiUmM4YmZBMWJONXN0NktMbXl2LXprSTZLak82d0hxdGxvaUd3cHNSVVd3In0sInR5cCI6ImRwb3Arand0In0.eyJodG0iOiAiUE9TVCIsICJodHUiOiAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Rva2VuIiwgImlhdCI6IDE3MzIzNzcwOTIsICJleHAiOiAxNzMyMzgwNjkyLCAianRpIjogIjhkNzVmM2RhLTk2YmUtNGRkNi1hNWYyLTI1Zjk4MzkzMzk4ZCIsICJ1c2VybmFtZSI6ICJhaGFvaG8iLCAicGFzc3dvcmQiOiAiUEBzc3cwcmQifQ.AJ7TbRsJ8yne5WfaQ6AwPciXQ1BuNvVEanHni4xi3INpDgAjhqSoj4YrPKyzwkWqs0C5jbrJZnYIaoN3cawG38T8u-C_gjLdktUOxPfO8QhkZISs-AlZ9EHbEST50vDowCZu

In [57]:
# original signature
server = ServerJWTManagement()
server.verify_signature(client_signature)

Decoded DPoP Proof JWT: {'htm': 'POST', 'htu': 'http://localhost:8000/token', 'iat': 1732377058, 'exp': 1732380658, 'jti': 'f07676d6-802f-49fb-9d4b-c4416e3a74b0', 'username': 'test', 'password': 'P@ssw0rd'}


{'htm': 'POST',
 'htu': 'http://localhost:8000/token',
 'iat': 1732377058,
 'exp': 1732380658,
 'jti': 'f07676d6-802f-49fb-9d4b-c4416e3a74b0',
 'username': 'test',
 'password': 'P@ssw0rd'}

In [58]:
# tampered signature
server = ServerJWTManagement()
result = server.verify_signature(tampered_signature)
result

Error: General JWT verification issue. Signature verification failed.
