Update
Managed to work around my problem with this method from GhostSharp:
public static class ByteConvertor
{
public static byte[] StringToByteArray(string hex)
{
int NumberChars = hex.Length;
byte[] bytes = new byte[NumberChars / 2];
for (int i = 0; i < NumberChars; i = 2)
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
return bytes;
}
}
Is there a better way to accomplish the same thing in C# or PowerShell? Am I missing some method on Encoding or Convert that would help me solve this?
I'm trying to construct a JWT token to authenticate against my Ghost Blog, but all of their samples are in Javascript, Ruby and Python. Nothing in C# or PowerShell and I can't seem to make the correct conversion.
This is the code I have right now:
$parts = $adminToken -split ":"
$id = $parts[0]
$secret= $parts[1]
$secret= [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($secret)) | ConvertFrom-Base64UrlString | ConvertTo-Base64UrlString
Install-Module -Name JWT
$jwtToken = New-Jwt -Header (@{
"alg" = "HS256"
"kid" = $id
"typ" = "JWT"
}| ConvertTo-Json) -PayloadJson (@{
"exp" = ([DateTimeOffset](Get-date).AddMinutes(5)).ToUnixTimeSeconds()
"iat" = ([DateTimeOffset](Get-date)).ToUnixTimeSeconds()
"aud" = "/admin/"
} | ConvertTo-Json) -Secret $secret
Invoke-RestMethod -Uri "https://scrumbug.ghost.io/ghost/api/admin/pages/$($trainingPage.id)" -Method PUT -Body ($trainingPage | ConvertTo-Json) -Headers @{Authorization="Ghost $jwtToken "}
But I keep getting complaints from Ghost that my token isn't correct:
50 | Invoke-RestMethod -Uri "https://scrumbug.ghost.io/ghost/api/admin/pag …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"errors":[{"message":"Invalid token: invalid
| signature","context":null,"type":"UnauthorizedError","details":null,"property":null,"help":null,"code":"INVALID_JWT","id":"069932a0-4009-11ed-afce-656a161cb24c","ghostErrorCode":null}]}
There are a number of samples in different languages, but I can't see what I'm missing anymore.
I suspect my error is in this line:
$key = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($secret)) | ConvertFrom-Base64UrlString | ConvertTo-Base64UrlString
Which should be equivalent to:
[secret].pack('H*')
Or:
printf '%s' "${input}" | base64 | tr -d '=' | tr ' ' '-' | tr '/' '_'
A sample token provided by Ghost in the admin panel used to construct the JWT token looks like $id:$secret:
THIS TOKEN HAS BEEN REVOKED AND IS NOT VALID.
644599e8733df7003d6fa66e:9aff4fdd6bb58957da5688a9cf0046a76bcc39b6b9ab16261123927f1caf5c94
CodePudding user response:
It's indeed the conversion from the token to a byte[] that does the magic trick.
Thanks to a colleague, the magic line of code I was looking for is:
[Convert]::FromHexString($secret)
Which does all the magic. Only works on PowerShell Core and .NET 5 .
The full solution to my problem:
Install-Module -Name JWT
$token = "id:secret" # Your token here
$parts = $token -split ":"
$id = $parts[0]
$secretKey = $parts[1]
$secretBytes = [Convert]::FromHexString($secretKey)
$jwtToken = New-Jwt -Header (@{
"alg" = "HS256"
"kid" = $id
"typ" = "JWT"
}| ConvertTo-Json) -PayloadJson (@{
"exp" = ([DateTimeOffset](Get-date).AddMinutes(5)).ToUnixTimeSeconds()
"iat" = ([DateTimeOffset](Get-date)).ToUnixTimeSeconds()
"aud" = "/admin/"
} | ConvertTo-Json) -Secret $secretBytes
Invoke-RestMethod -Uri "https://scrumbug.ghost.io/ghost/api/admin/pages/$($trainingPage.id)" `
-Method PUT `
-Body ($pageJson | ConvertTo-Json) `
-Headers @{Authorization="Ghost $jwtToken "}