Testing Json Web Token using Sample Gen


Karl Stubsjoen

Mar 6, 2013, 1:27:30 AM
to in-app-...@googlegroups.com
I'm using the form on this page:

To test the JWT I am generating on the fly, and encoding, but am not even close to what supposedly is created by the demo script on this page. This is after I have successfully completed the samples from this page, so I know a little about what I am doing.

My question is: is there a key being used when signing it, and what is the JWT header for this one? Am I supposed to provide the additional fields like ISS, AUD, TYP?
My JSON payload looks like:

{
    "iat": 1362375285,
    "exp": 1362375312,
    "request": {
        "name": "First Thing",
        "description": "This is the first thing",
        "price": "9.99",
        "currencyCode": "USD",
        "sellerData": "not any really"
    }
}

Thanks,
Karl..

Mihai Ionescu

Mar 6, 2013, 11:51:42 AM
to in-app-...@googlegroups.com
Hi Karl,

You sign the JWT with your Seller Secret. You need to provide the required fields mentioned here:

Please have a look at the samples page for examples in Python and Java:

Thanks,
Mihai



Karl Stubsjoen

Mar 6, 2013, 1:03:30 PM
to in-app-...@googlegroups.com
OK, I got that but it says

Tip: You can test the JWTs you generate by comparing them to the JWTs produced by the demo.

And since you can go to that page, generate the JWSToken and not be logged in to that demo page... you see, how does that demo know what my Seller Secret is (I don't believe it does), and what my seller ID is?  What am I missing?

Thanks,
Karl..

Mihai Ionescu

Mar 6, 2013, 1:24:43 PM
to in-app-...@googlegroups.com
Hi Karl,

You don't need the Seller Secret to decode a JWT. The Seller Secret is used to "verify" a decoded JWT.

The JWT is made up of three parts (separated by '.'): Header.Claims.Signature
Header and Claims are just Base64 encoded. You can always decode the Header and Claims of the JWT to its JSON format.

Please use the decoder below on the JWT generated by the demo to extract the Header.Claims.Signature:

Thanks,
Mihai
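
The structure described in the reply above, as an added example that is not part of the original thread: the header and claims decode without any key, while checking the signature needs the Seller Secret. HS256 (HMAC-SHA256) and the header contents are assumptions, and the secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample secrets (not real credentials); payload fields follow the first post.
DEMO_SECRET = b"constructed-demo-secret"
MY_SECRET = b"constructed-seller-secret"
CLAIMS = {"iat": 1362375285, "exp": 1362375312,
          "request": {"name": "First Thing", "price": "9.99", "currencyCode": "USD"}}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}  # assumed header, not taken from the thread
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_unverified(token: str):
    """Read header and claims. Needs no secret and proves nothing about who signed."""
    header_b64, claims_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(claims_b64))

def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HMAC over 'Header.Claims' and compare in constant time."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # the verifier pins the algorithm; the token does not choose it
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)

if __name__ == "__main__":
    demo_token = sign_hs256(CLAIMS, DEMO_SECRET)
    print(decode_unverified(demo_token))         # readable by anyone
    print(verify_hs256(demo_token, DEMO_SECRET))  # True
    print(verify_hs256(demo_token, MY_SECRET))    # False: different secret
```

Two tokens built from the same payload with different secrets share their first two segments and differ only in the signature, so comparing against a demo token is meaningful for the decoded header and claims, not for the raw string.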

Karl Stubsjoen

Mar 6, 2013, 2:43:37 PM
to in-app-...@googlegroups.com
Woah!  OK, the light just went off.  That's it.  I understand now.  Thank you for your help.
Karl..