Why does our JWT token still validate even after changing the last digit? #6397
Answered by yashtandon113 · amarantmeida asked this question in Q&A
Changing the last digit on our JWT token is still validating the token, is this as per design?
Answered by
yashtandon113
Jun 11, 2024
Answer selected by
lastpeony
Hi @amarantmeida
Thanks for asking the question.
For example, this is the generated JWT token.
Now if we change the last digit to 5, 6, or 7, it still validates. But if I make it to 3 or 8, then it becomes invalid.
This is an expected behaviour of JWT’s token generation algorithm. Check out the article below for more details.
https://medium.com/@mark_huber/decoding-the-jwt-anomaly-when-changing-a-tokens-last-character-doesn-t-break-verification-d6ab68627afb
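Added example, not part of the original answer or the project's code: the behaviour described above follows from base64url encoding, where a 32-byte signature fills 43 characters and the last character carries two unused bits. It assumes an HS256 token, a constructed key and claims, and a verifier that decodes the signature before comparing; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
SECRET = b"constructed-demo-secret"  # constructed sample key, not from the page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def expected_mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(expected_mac(signing_input))

def verify_lenient(token: str) -> bool:
    # Decode the signature, then compare bytes. The decoder drops the two
    # unused low bits of the 43rd character, so four spellings match.
    signing_input, _, sig = token.rpartition(".")
    try:
        raw = base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))
    except ValueError:
        return False
    return hmac.compare_digest(raw, expected_mac(signing_input))

def verify_strict(token: str) -> bool:
    # Compare against the canonical encoding, so only one spelling matches.
    signing_input, _, sig = token.rpartition(".")
    return hmac.compare_digest(sig.encode(), b64url(expected_mac(signing_input)).encode())

def same_signature_group(ch: str) -> str:
    # Characters whose 6-bit values share the top four bits.
    start = ALPHABET.index(ch) & ~0b11
    return ALPHABET[start:start + 4]

def accepted_last_chars(token: str, verify) -> str:
    return "".join(c for c in ALPHABET if verify(token[:-1] + c))

if __name__ == "__main__":
    token = sign({"sub": "constructed-user"})
    print("lenient accepts:", accepted_last_chars(token, verify_lenient))
    print("strict accepts: ", accepted_last_chars(token, verify_strict))
    print("group of '5':   ", same_signature_group("5"))
```

The signature bytes checked are identical for all four spellings, so the MAC is still verified in full. Code that keys a revocation list or cache on the raw token string should use the strict comparison or a claim such as `jti` instead.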