Regex doesn't recognize JWT token
In the latest version (2.2.5) the regex to find the JWT token is set to the following. However, the payload of the token I was about to test started with eyI. This didn't match the regex and resulted in Cannot find a valid JWT.
eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*
Modifying all regexes in the code to the following resolved my issue.
eyJ[A-Za-z0-9_\/+-]*\.ey[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*
Nice one.
Yes, this is a very narrow case, but it can happen.
The regex /eyJ./ matches the first block (4 chars) of base64 output for any string beginning with /{"[a-zA-Z]/ - that is, any JSON object with a key/name starting with an alpha char.
If the JSON object has a first key/name as a quoted numeric value (e.g. {"1":"one","2":"two"}), then the base64 value will match regex /eyI./
I have never seen this myself, but changing the regex of the JSON base64 sections to the following would be wise to cover those edge cases (while minimising false positives):
/ey[IJ][A-Za-z0-9_\/+-]*/
So:
/ey[IJ][A-Za-z0-9_\/+-]*\.ey[IJ][A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*/
It happens to my client's JWT too, which starts with eyA.
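The prefixes discussed in this thread, as an added example (not code from the tool or from any commenter): it builds constructed tokens whose payload JSON differs only in its first key or in whitespace, then runs both regexes quoted above against them. The sample payloads, the placeholder signature and the helper names are assumptions made for the illustration.

```python
import base64
import re

# Patterns quoted in the thread: the 2.2.5 one and the proposed ey[IJ] form.
ORIGINAL = re.compile(r"eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*")
PROPOSED = re.compile(r"ey[IJ][A-Za-z0-9_\/+-]*\.ey[IJ][A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*")

def b64url(raw: bytes) -> str:
    """Unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def prefix(json_text: str) -> str:
    """First three base64url characters of a serialized JSON segment."""
    return b64url(json_text.encode())[:3]

def make_token(header_text: str, payload_text: str) -> str:
    """Constructed token; "c2ln" is a placeholder, not a real signature."""
    return ".".join([b64url(header_text.encode()),
                     b64url(payload_text.encode()),
                     "c2ln"])

HEADER = '{"alg":"HS256","typ":"JWT"}'
# Constructed payloads: the first three bytes decide the first three characters.
PAYLOADS = {
    "alpha key": '{"sub":"1234"}',              # {"s -> eyJ
    "numeric key": '{"1":"one","2":"two"}',     # {"1 -> eyI
    "space after brace": '{ "sub": "1234" }',   # { " -> eyA
}

def survey():
    """Return {label: (payload prefix, ORIGINAL finds it, PROPOSED finds it)}."""
    out = {}
    for label, payload in PAYLOADS.items():
        token = make_token(HEADER, payload)
        out[label] = (prefix(payload),
                      ORIGINAL.search(token) is not None,
                      PROPOSED.search(token) is not None)
    return out

if __name__ == "__main__":
    for label, (pfx, orig_hit, prop_hit) in survey().items():
        print(f"{label:18} prefix={pfx} original={orig_hit} proposed={prop_hit}")
```

The third row shows that a serializer emitting a space after the opening brace produces an eyA segment, which neither quoted pattern finds.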