09. Practice - Generating and Verifying JWTs

Practice - Generating and Verifying JWTs

Below is a Jupyter Notebook with some starter code you can use to practice generating and verifying JWTs. After the Notebook, you'll find some questions—see if you can answer them by using the starter code. If you get stuck, check out the JWT library project page .

Workspace

This section contains either a workspace (it can be a Jupyter Notebook workspace or an online code editor work space, etc.) and it cannot be automatically downloaded to be generated here. Please access the classroom with your account and manually download the workspace to your local machine. Note that for some courses, Udacity upload the workspace files onto https://github.com/udacity , so you may be able to download them there.

Workspace Information:

  • Default file path:
  • Workspace type: jupyter
  • Opened files (when workspace is loaded): n/a

In the question below, you'll find some JWTs. Which of these may have been tampered with?
These were signed with the secret learning .

Note: You can triple-click on the tokens given below and then copy and paste them into the notebook.

Verifying JWTs

Which of these JWTs may have been tampered with?
These were signed with the secret learning .

Token 1 

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoiY2VudHJhbCBwYXJrIn0.H7sytXDEHK1fOyOYkII5aFfzEZqGIro0Erw_84jZuGc

Token 2 : 

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoiYmF0dGVyeSBwYXJrIn0.bQEjsBRGfhKKEFtGhh83sTsMSXgSstFA_P8g2qV5Sns</pre>
SOLUTION:
  • *Token 2*

Now, see if you can decode the JWTs given below.

Match the Payload to the JWT

QUIZ QUESTION: :

Token A : 

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoiY2VudHJhbCBwYXJrIn0.H7sytXDEHK1fOyOYkII5aFfzEZqGIro0Erw_84jZuGc

Token B : 

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoidW5pb24gc3F1YXJlIn0.N3EaAHsrJ9-ls82LT8JoFTNpDK3wcm5a79vYkSn8AFY

Token C : 

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoiYmF0dGVyeSBwYXJrIn0.bQEjsBRGfhKKEFtGhh83sTsMSXgSstFA_P8g2qV5Sns

ANSWER CHOICES:



JWT

Payload

{'park':'central park'}

{'park': 'battery park'}

{'park':'union square'}

SOLUTION:

JWT

Payload

{'park':'central park'}

{'park': 'battery park'}

{'park':'union square'}

Encoding a JWT

QUESTION:

Encode a JWT with the payload {'school':'udacity'} using the HMAC SHA256 algorithm and learning as the secret.

SOLUTION:

NOTE: The solutions are expressed in RegEx pattern. Udacity uses these patterns to check the given answer

Next Concept