Given this JWT token payload encoded in Base64Url:
eyJ1c2VyX2lkIjogMTIzLCJyb2xlIjogImFkbWluIn0
What is the decoded JSON payload?
Base64Url decoding converts the string back to JSON. Pay attention to key names and value types.
The Base64Url string decodes to a JSON object with the key user_id set to the number 123 and the key role set to the string "admin".
In the JWT authentication flow, which step ensures the token has not been tampered with?
Think about how the server knows the token is authentic and unchanged.
The server uses the secret key to verify the token's signature, confirming it was issued by a trusted source and not altered.
Consider this Python code snippet verifying a JWT token:
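import jwt
# Header is {"alg":"HS256","typ":"JWT"} and payload is {}, but the signature segment is bogus
token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.invalidsignature'
secret = 'mysecret'
try:
    # decode() checks the HS256 signature against the secret before returning the payload
    payload = jwt.decode(token, secret, algorithms=['HS256'])
    print('Valid token')
except jwt.InvalidSignatureError:
    print('Invalid signature')
except Exception as e:
    print('Error:', e)
What is the output when running this code?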
The token's signature part is clearly invalid. What exception does the library raise?
The token has three parts but the signature is incorrect, so jwt.decode raises InvalidSignatureError.
Choose the correct Python code snippet that creates a JWT token with payload {"user": "alice"} and secret "key123" using the HS256 algorithm.
Check the function signature and argument names carefully.
The correct syntax passes a dictionary as the payload, the secret as the second argument, and the algorithm name through the algorithm keyword.
Given this JWT token (header.payload.signature):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYm9iIiwiaWQiOjQ1LCJleHAiOjE2ODk0MjAwMDB9.somesignature
After decoding the payload, how many key-value pairs does it contain?
Decode the payload part and count the keys.
The payload contains keys: user, id, and exp, so 3 pairs total.