这就是我面临的问题,
https://play.golang.org/p/Pq8xHAERD57
如果运行上述代码,第一个令牌JWKS对不会验证签名,但第二个会验证!但两者都在jwt中验证签名。木卫一。有什么办法可以用一个Golang图书馆来验证它吗?
奇怪的是如果你拿了失败的代币?我调试后发现函数func VerifyPKCS1v15(pub*PublicKey,hash crypto.html" target="_blank">hash,hash[]字节,sig[]字节)错误失败{
在线路上
ok &= subtle.ConstantTimeCompare(em[k-hashLen:k], hashed)
ok &= subtle.ConstantTimeCompare(em[k-tLen:k-hashLen], prefix)
这与它的嵌套标记有关吗?
这两个函数都返回-1(对于crypto来说不太好,不知道为什么),但看起来签名不正确
失败的JWT令牌:
eyJraWQiOiIyMzZjODhkMS01YjUxLTRjZDMtYjczYi1kNmI0YzFmYmUxNzciLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzZTRkNDA5My04M2U2LTRiZGYtODkwYi1kNDBhYjgyMTE0MzkiLCJhdWQiOiJvYnJicy5vcGVuYmFua2luZy1jb25zZW50Lm9wZW5iYW5raW5nLWNvbnNlbnQtc3RhbmRhbG9uZSIsImlzcyI6InJic2cub3BlbmJhbmtpbmcuc2l0LnBheW1lbnRzLWxpbWl0cy12MSIsImV4cCI6MTYxMDYzMjQxNSwiaWF0IjoxNjEwNjMyMTE1LCJuYmYiOjE2MTA2MzIxMTUsIm1zX3Byb3BhZ2F0ZWRfand0IjoiZXlKcmFXUWlPaUpsT0dRMk1HSXlZaTB5T1RFeUxUUmpNamd0T0RNeE55MWhOemszT1dZeFlUVmtOamdpTENKaGJHY2lPaUpTVXpJMU5pSjkuZXlKcWRHa2lPaUpsTkRaa1l6VXdPQzAxWXpKaUxUUXhaall0WW1ZMU1TMWtZVE0yTVRKak9UWTVOak1pTENKaGRXUWlPaUp5WW5ObkxtOXdaVzVpWVc1cmFXNW5Mbk5wZEM1d1lYbHRaVzUwY3kxc2FXMXBkSE10ZGpFaUxDSnBjM01pT2lKdlluSmljeTV2Y0dWdVltRnVhMmx1WnkxaGRYUm9laTV2Y0dWdVltRnVhMmx1WnkxaGRYUm9laTF6ZEdGdVpHRnNiMjVsSWl3aVpYaHdJam94TmpFd05qTXlNVFF6TENKcFlYUWlPakUyTVRBMk16SXhNVE1zSW01aVppSTZNVFl4TURZek1qRXhNeXdpYlhOZmNISnZjR0ZuWVhSbFpGOXFkM1FpT2lKbGVVcHlZVmRSYVU5cFNUVmpRMGx6U1cxR2MxcDVTVFpKYTFaVVRXcFZNa2x1TUM1bGVVcDZaRmRKYVU5cFNYZE5WRUUwVGxSbmQwMUVVVFZKYVhkcFl6STViV1JJWkdoamJWWm1XVEo0Y0ZwWE5UQllNalZvWWxkVmFVOXBTa1ZTVmsxblVqSldkVnBZU25CWmVVSXdXbGhPTUVsSFRuTmhWMVoxWkVOQ1QxWXdTV2xNUTBwcFlWYzBhVTlwU1hoUFJFVXpUbXByZWs1VVkzZEphWGRwWVZoT2VrbHFiMmxWUjJ4MVdqQkdhbGt5Vm5wak1FWXhaRWRvVldJeWRHeGlhVWx6U1c1T2RscHVVak5aV0Vwc1dETlNkbU14T1RGamJXdHBUMmxLYjJSSVVuZGplbTkyVERKU2JHUnRWbk5pTTBKc1kyazFkVmxZVWpOYVdFNHdURzFPZG1KVE9XdGtWekYwWlZZNU1GcFlTblJqZVRWdlpFY3dhVXhEU21waFZ6UnBUMmxKZUUxRVZUVk9SR00xVGxSbk5FbHBkMmxrUjJoNVdsZEdNRmd6U214Wk1qbDVXa1k1ZVZwWVRqRmlTRkZwVDJsS1IxbFhiSE5rV0Vwc1NXbDNhV050Vm5wa1Z6RnNXRE5XZVdKRFNUWkpiV2d3WkVoQ2VrOXBPSFpoVjBaMFRGZEdNV1JIYUhWTVdFNXdaRU14ZVZsdVRYVmlWMFoxV1Zka2JGcElVbXhqTTFGMVdUSTVkRXd5Um5wTU0yUlpVMFprUTB3elNteGpNMVowV2xNNWFHTjVPV2hrV0ZKdllqTktjR1Z0UmpCaFZ6bDFURzVDY0dKdFkybE1RMHAzWVZoT2QxZ3pRbXhqYlRGd1l6Tk9jR0l5TldaYWJYaG9XbmxKTm1KdVZuTmlRM2RwV1RKNGNGcFhOVEJZTW14clNXcHZhVTV1YUZGV1ZXZzBZbFpPZEZScWFITmFhM2Q1VW0xS05tUllaM3BqZVVselNXNVNkR1ZHT1hwa1dFSjNZMjFXZW1NeWJIWmliRGx0WWtkR2JrbHFjSFZrVjNoelRFTktlbUl5V2pCa01rWjVXbFk1ZDJJeWVIQlpNMnhtWkZoS2NFbHFiMmxoU0ZJd1kwaE5Oa3g1T1d0YVdGcHNZa2M1ZDFwWVNYVmliVVl3WkRKV2VtUkROV3BpTWpCMldraFdkR0pZYkdaalJ6bHpZVmRPTlV4dGFEQmlVMGx6U1c1V2VscFlTbVpaV0ZZd1lVYzFabUpYVmpCaFJ6bHJTV3B2YVdGWFJuUk1XRWt3WTBNeE0xcFhTV2xNUTBwNllqSmFNR1F5Um5sYVZqbHdXa05KTmtscVdqUlZSbFpKWlVjeFZHSlZORFJpUjFwTlRXdGFhV1Z1VmpSTk0wMXBURU5LZG1OSFZuVlpiVVoxWVRKc2RWb3hPWEJpYmxKc1ltNVNabUZYVVdsUGFVcHFUa1JyZVU1RVVUTmFha1UwV1cxRk1FOUVSbWxaYWtFd1RrUkpORmx0VFhwUFYwVXhXVlJSTUUxcFNYTkpibEo2VFd3NWFGa3lUblprVnpVd1dESnNhMGxxYjJsVWFUbENTV2wzYVdSWVRteGpiRGt3WlZoQ2JFbHFiMmxVYVRsQ1NXbDNhVmt6Vm5wa1Jqa3daVmhDYkVscWIybFZSVlpUVlRBNVQxRlZkMmxNUTBwb1pGaFNiMkpzT1hSYVdGSnZZakpSYVU5cFNsTk9Sa0ZwVEVOS2RtTkhWbmxaV0ZKd1ltMWtabGx1U21oaWJWRnBUMmxLVTFGc1RXbE1RMHAyWTIxa1ptSnRSblJhVTBrMlNXczFhR1JIYkhaaWJVWnpTVVprYkdNelVuUmhWelY2WkVkV2VVbEZTbWhpYlhOblZVZDRha2xwZDJsYVdHaDNTV3B2ZUU1cVJYZE9hazE1VGtSQk1reERTbkJaV0ZGcFQycEZNazFVUVRKTmVrbDRUVlJGYzBsdFJuQmpNMEptWTBkV2VXSlhiSHBqTW14MlltdzViV0pIUm01SmFuQjFaRmQ0YzB4RFNuWmliRGxwV2xkb2FHSkhXbVppTWxscFQybEtNRnBZVGpCU1IxWnpXbGRrYUdSSFZsTlJiRTFwVEVOS2FHUlhVV2xQYVVwMldXNUthV041TlhaalIxWjFXVzFHZFdFeWJIVmFlVEZvWkZoU2IyVnBOWFpqUjFaMVdXMUdkV0V5YkhWYWVURm9aRmhTYjJWcE1YcGtSMFoxV2tkR2MySXlOV3hKYVhkcFpFY3hORmd6VG14ak0wNW1ZVmRSYVU5dE5URmlSM2R6U1cxNGNHSnRkR3hhUmpscVlWYzBhVTlwU1hkSmFYZHBXVEpLZDJGWGJHWmpSMVo1WWxkc2VtTXliSFppYkRsdFlrZEdia2xxY0hWa1YzaHpURU5LZVZwWFpIQmpNMUo1V1ZoU2NHSXlOV1phUjBZd1dsTkpObUp1Vm5OaVEzZHBZekk1YldSSVpHaGpiVlptWWtjNWJtSXhPVEZqYld0cFQybEtiMlJJVW5kamVtOTJUREpTYkdSdFZuTmlNMEpzWTJrMWRWbFlVak5hV0U0d1RHMU9kbUpUT1d0a1Z6RjBaVlk1YzJJeVpIWk1ia0oxV25sSmMwbHRPWGxhTVRsd1drTkpOa2xxUVhkTlZGVTBUVVJCZDAxRVFuRmFibVEwVjBWR1FsVlRTWE5KYlU1MlkyNUtiR0pIUmpCaFZ6bDFXREpzYTBscWIybE9ha0UxVFdwUk1VOVVRWHBOZW1kNlRtcGplazE2VlRST2VrbDRUVlJSZDAxVVJYcE9SR013VGxSSk5FOURTWE5KYlU1MlltNU9iR0p1VW1aak0xSm9aRWhXZWtscWIybGxNWGRwVWtkV2FtSkhiSFZhVm5kcFQyeDNhVTFVV1RSTk1rbDVUbFJSTVZsWFJYaFphbWN3V21wQk5VMVhWbWhPVkZaclRrUk9iVnBIVW10T1JGcGpTV2w0WTBscldtaGhWM2d4WTIxV1kwbHFjR05KYW1kNVQxZEdhMXBFV210YVYxa3lXWHBqTTAxdFJtdE5iVkpxVFdwcmVFNTZSVFJOYWs1cFRVUkthRmhEU1hOWVEwcENZa2Q0ZG1ReGQybFBiSGRwV20xYWFrNXFSVEJQUjFaclRVUm5lbHBVU20xWmJWbDRUbFJaTUU1WFNUVk5NazVxV1ZSUmVFMHlTbU5KYmpCcFRFTktlbUl5V2pCa01rWjVXbFk1ZVdJeWVHeGplVWsyU1d4MFVWTldUbEZNUTBKQ1UxWk9VVmhUU1hOSmJsSjBaVVk1ZG1OdFpHWmhWMUZwVDIwMU1XSkhlRGt1YWpZeE0xWm9kMGcyYUV4Q2EzZEJOazVWVG1kMVFYRkZSWEZFTTBwYVpYWlhUMGd3YVV4aGJVcHpSRUkyVEVvdFMzY3ljbEZ4VDJ0VFkycHFZbXRUV1c4MVIxbG1hbGgxWTBoYWNuTlpORzR0YWpkZldtY2lMQ0p0YzE5dFpYTnpZV2RsWDJoaGMyZ2lPaUprT0RZNE9ERXpNMlJqTkRVMlpqZzNOemt3WWpJNVlqbGlaR0kwWWpCa1lqYzFZek5tT1RRMk5HSXhaREpsT1dJd1pXUXlZamxsWXpOa09UazBOVGxsSW4wLmNDNjFiVk1zcVNUWFBRd0ZHclU0cmhXVHNUbGI4YXktOG1lT3gtXzZUQ2d3SHFpbHBsZFhWLXFGYzQyNTZrWWxOU2JYcGxjZ0FqRjc0cEwtelg1a2tzZk9sdzFIUUNsLW16REZveE1VTGd1ZFcwZkJPYzNMekxJWFM3cG40LTZFLVlzdktPVmV2Ymg2NFRBUF9SNzRIX2pNQUVJeXVIc25IeXlfU09Hd1NmWnFwdTBwa0M4enF6ZjBMVjBRS21RS2hTUW9sZkI3U2J0dmNDc19LcG80S3hPdFhmbUVFMlRDMGZKTkJ2cnR4dVZGa0hTdV83REtCYUZmSmNEYmdhZGVkZ2xBOGVMWmNqRzNFY3hlcng4QVFGZVRZTzlOV0xKNU12dW9UWkd2ZjdzTVFSRGMtdGphUVdsODlRdG5pQzFxSXlZTUFGOU1TcG9IcWxmOXMweXJVdyIsIm1zX21lc3NhZ2VfaGFzaCI6IjE5ODg0M2FmOTQyOTcyOGQxZTMyMDdmOGRjNmYzZGE4ZjI1ZWFkY2M5ZDQxY2ZhZWNhNTY5YjllNjY4MWZmOTYifQ.jKehsnGG5j1dOYWlwuF0vKGNbENI1HD35A9g89lhmMrkPhfZ8_lYw4lIkZ16Bepj6HZ53xnTtRXGtmcOZZMr0smh3l5SQ20-CZ6M0yT0wIUZYxJcXmR9_iR7zHI2SvVCpH5CWdlRUNQx9z51Z1SIjc5xvau19omCuMIz7YLZ2Py2tppKz04A8s2xA6Aox-th1dhuKE8NmhTzMnp6UUKbHFyw3Sf7BXJHvQlx4wPB1Pn5l0IZLnD078UsxNmI4r42tECAOmwa0POzzPntlcJNutQZ2QfB68F3YWQZ6YjKF4zTEcZjmMnqVKRLdTyJezGpzXEnitMrnXH-awztlN0d1A
将密钥部分单独带到这个网站,制作一个PEM编码的公钥,然后在jwt.io运行,签名验证!!!
https://8gwifi.org/jwkconvertfunctions.jsp
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVoCP5ZRqb/e5Vea/dvu
Nr0NAP/6K+x8Q5iV9ZaSjawp7mqmcDORTgUejrVvLUaeOO+xO4OLHRkqsb75R0VV
IaB/hfTszCjo+CfQ5WUfH9tb3AVUP6bnx/l5VMWVrkYW1YVnaYqrJOD7axS9YXaV
XgEixtHkwqNVLuCJ4Y6S1YxUCJZa4pCCOsPFd0tz4/mNLNUZRJUNuyK4v7AcsIlY
qvl2J/G5cUCKFwSjaRBxPih+pd84dJIktU3xZeyZOMg/G5WiUujoyf20Fx5avLKV
79F31dNBGUIVvu9woQb3mH00IULTJj1HhKjZkyJ16cvkiJ2G1jUk6r4v0cWc652u
ZwIDAQAB
-----END PUBLIC KEY-----
JWT的JWK失败:
{
"kty":"RSA",
"kid":"236c88d1-5b51-4cd3-b73b-d6b4c1fbe177",
"use":"sig",
"n":"zVoCP5ZRqb_e5Vea_dvuNr0NAP_6K-x8Q5iV9ZaSjawp7mqmcDORTgUejrVvLUaeOO-xO4OLHRkqsb75R0VVIaB_hfTszCjo-CfQ5WUfH9tb3AVUP6bnx_l5VMWVrkYW1YVnaYqrJOD7axS9YXaVXgEixtHkwqNVLuCJ4Y6S1YxUCJZa4pCCOsPFd0tz4_mNLNUZRJUNuyK4v7AcsIlYqvl2J_G5cUCKFwSjaRBxPih-pd84dJIktU3xZeyZOMg_G5WiUujoyf20Fx5avLKV79F31dNBGUIVvu9woQb3mH00IULTJj1HhKjZkyJ16cvkiJ2G1jUk6r4v0cWc652uZw",
"e":"AQAB"
}
========================================================= 成功验证的第二个令牌
eyJraWQiOiJlZTJkZWY1Mi1hZmQxLTQxMGUtOWFhOC0wODYzMzYyMzRlOTMiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJlYzlmZWI2Zi1jZDdmLTRlZTctOWY1OS04ZGUzMTNhZDU2YzAiLCJhdWQiOiJyYnNnLm9wZW5iYW5raW5nLnNpdC5vZmZlcnMtdjEiLCJpc3MiOiJyYnNnLm9wZW5iYW5raW5nLnNpdC5hY2NvdW50cy12MyIsImV4cCI6MTYxMDcxNjE2NiwiaWF0IjoxNjEwNzE1ODY2LCJuYmYiOjE2MTA3MTU4NjYsIm1zX3Byb3BhZ2F0ZWRfand0IjoiZXlKcmFXUWlPaUkwWkRVNE5ETTRZeTFpWW1WaUxUUXlaR0l0WW1FMlpDMDROekE0TWpkbVlqRTFPVE1pTENKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SnpkV0lpT2lJd01UQTROVGd3TURRNUlpd2ljMjltZEhkaGNtVmZZMnhwWlc1MFgyNWhiV1VpT2lKRVJWTWdSMlZ1WlhKcFl5QjBaWE4wSUdOc2FXVnVkQ0JPVjBJaUxDSnBjM01pT2lKeVluTXVZWEJwWjJWbExuTnBkQ0lzSW1Ga1pHbDBhVzl1WVd4ZlkyeGhhVzF6SWpwN0ltTnVaaUk2SW50Y0luZzFkQ05UTWpVMlhDSTZYQ0l4UWtWRVFqTkZOVUZEUWtZek5UTkNNRGcwTWpWRVEwTTNOak5ETVRJeFFqVkZNVU0wT1RFMlhDSjlJaXdpYkdsdWEyVmtYMk5wYmlJNklqQWlMQ0pqYjI1elpXNTBYM04wWVhSMWN5STZJazVjTDBFaUxDSmhZM0lpT2lKMWNtNDZiM0JsYm1KaGJtdHBibWM2Y0hOa01qcHpZMkVpTENKamIzSnlaV3hoZEdsdmJsOXBaQ0k2SWpVM05qazVNVEV3TURZM05UZzBOVE0yTlRBeU1URTFNREV4TXpBeE5UUTBNemNpTENKamRYTjBYM1I1Y0dVaU9pSlFSVkpUVDA1QlRDSXNJbUpwYmlJNklqRTRNVGMyT1RNMU56QWlMQ0p2Y0dWdVltRnVhMmx1WjE5cGJuUmxiblJmYVdRaU9pSXpORFkwWkRrMk16WTNZakUwT1RWaU9UTTJNelUwT1RFd09XTm1ZelE1TmlJc0ltOXdaWEpoZEdsdVoxOWljbUZ1WkNJNklsSkNVeUlzSW5WelpYSmZZWFYwYUc1ZmJXVjBhRzlrSWpvaWFXRnRMWEkwY0MxM1pXSWlMQ0p6YjJaMGQyRnlaVjl5YjJ4bGN5STZXeUpRU1ZOUUlpd2lRVWxUVUNKZExDSmphVzRpT2lJeE1EVTVORGM1TlRnNEluMHNJbU5zYVdWdWRGOXBaQ0k2SWpaNFVGVkllRzFUYlU0NGJHWk1Na1ppZW5WNE0zTWlMQ0p6YjJaMGQyRnlaVjlwWkNJNklqWjRVRlZJZUcxVGJVNDRiR1pNTWtaaWVuVjRNM01pTENKaGRXUWlPaUp5WW5ObkxtOXdaVzVpWVc1cmFXNW5Mbk5wZEM1aFkyTnZkVzUwY3kxMk15SXNJbTl5WjE5cFpDSTZJakF3TVRVNE1EQXdNREJxWm5kNFdFRkJVU0lzSW5OamIzQmxJam9pYjNCbGJtbGtJR0ZqWTI5MWJuUnpJaXdpYjNCbGNtRjBhVzVuWDJKeVlXNWtJam9pY21Keklpd2liM0puWDI1aGJXVWlPaUpPWVhScGIyNWhiQ0JYWlhOMGJXbHVjM1JsY2lCQ1lXNXJJRkJzWXlJc0ltVjRjQ0k2TVRZeE1EY3hOVGt5TlN3aWFXRjBJam94TmpFd056RTFPRFkxTENKcWRHa2lPaUkyWXpNMU5UTmxOUzFqWW1GaExUUXdNV1l0T1RaaU15MHpNREUxWlROaVlUYzRaRFVpZlEuRUh0Q2JhYUE1amN4OHNXZTNaU3dndVR0QkxQc3pxQ1ZBRmJrcm5rUmdRdVYtUVdyTHFFMTNidUVnY0Z5eFF3dlNxcFhZR2dyeTVKMXh0YlJYOFhxZzNmdzFOWXppMms4cWlUNm12WFJoUDVtSDJySVVVVE1FVUt2TW1maFlRWlRtdGNDcS1NYnZ5UzRkWURhR3NXbnZ0Y1U5cHYxYUxYT21ydFUwdmhrVlpaNUwyakJnRTdFOWZ2amZMZE5oUERacGpINGpjNHJaY1VhMmc3clVlMEJoNTY2WURhQ2txS2J6VjBuRDRWV0hLOERsX19jNU1FNVpLMkFJSnJTd3RBQkhtaElwWUV1N1JhUWlPd1ZBRFRNd0ZfcWRJeU1jdVM1dVhtZk1uTi0xcFFOREV2ZzN6MmhvNzJTNjVkS0x5Y0JfejA1b1lwMGUybWw1ZHBFaDZjNUdnIiwibXNfbWVzc2FnZV9oYXNoIjoiYTliMWIwZGNmOTkxYzUyOGFjYWFmNTI0OTMxMGEyYWVhOTM3MGM1NjFjZDdmMjliNDY4MzQzM2YwYjg0YWIzYyJ9.PTZjUdQ386cC5AloVW5UCXtmHqYZD7zo4JisAjZIQdGowxDR0HfnZ8TEDwb20c7HmYHXUmnP971vYNoI4gEifFWVmiEbiFxKgp1pR68LyqC-qclJApB8jLrMFfSxKiwgKIyLkLqBg6XTGonOVJZcLi3--UD7fiRxj-s-Oq1kH7s3lqyp3-C6oLDHiVZmHfFtOaZQFGFGUhmDCodkMNEGeGm28hyMNZXpB0kgA8FQehEhfMAUe1yHA2hgzONNn4eMAYnVMBb7Ax4pMxHQKbhPP15vU4AOWI4xo1VFZrWtydI9yvFggJu_S_pu5c6Z8PywKMGHZjhh-XaCouVG85Z_PQ
其PEM发布密钥:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL1hBsWFuD4oXZ6SELvi
bUcv9ap7QDBVZv5BZzGOyjsGmKXumi3UsfAHhhMPC3r9jt6tUsbsp4ahvuBS+9lK
lOk45DtJW4aQRI2k24KAyniwFNweBy1gJny9jrDYHJ7Vot0hkIT86oMqM6gVnbLV
qzrNuQGA+zpB6Crlpzr8z094j7h+KcHTaPJh/qTZq/IUE3xxC0oPfGFYUohWeEjY
Bx7yq3jkMVXEQ9POtcTY9ttNCg9f9MpeNO1la/YMRsiEzJDLEnAtskndTfw6Awad
fN7VZXKHaajFkBulRwZkxo8JusHCQzNWctbfHTYpsvKZBMHTRAjbrTzEE8Ps0x/T
oQIDAQAB
-----END PUBLIC KEY-----
其JWK:
{
"kty":"RSA",
"kid":"ee2def52-afd1-410e-9aa8-086336234e93",
"n":"hL1hBsWFuD4oXZ6SELvibUcv9ap7QDBVZv5BZzGOyjsGmKXumi3UsfAHhhMPC3r9jt6tUsbsp4ahvuBS-9lKlOk45DtJW4aQRI2k24KAyniwFNweBy1gJny9jrDYHJ7Vot0hkIT86oMqM6gVnbLVqzrNuQGA-zpB6Crlpzr8z094j7h-KcHTaPJh_qTZq_IUE3xxC0oPfGFYUohWeEjYBx7yq3jkMVXEQ9POtcTY9ttNCg9f9MpeNO1la_YMRsiEzJDLEnAtskndTfw6AwadfN7VZXKHaajFkBulRwZkxo8JusHCQzNWctbfHTYpsvKZBMHTRAjbrTzEE8Ps0x_ToQ",
"e":"AQAB"
}
我制作了一个包,用于在使用JWKS:github时帮助解析和验证JWTs。com/MicahParks/keyfunc
这个包与最流行的JWT包一起使用,github。com/dgrijalva/jwt go
。
如果您将JSON Web密钥JWKs放入JSON Web密钥集JWKs,它将如下所示:
{
"keys": [
{
"kty": "RSA",
"kid": "236c88d1-5b51-4cd3-b73b-d6b4c1fbe177",
"use": "sig",
"n": "zVoCP5ZRqb_e5Vea_dvuNr0NAP_6K-x8Q5iV9ZaSjawp7mqmcDORTgUejrVvLUaeOO-xO4OLHRkqsb75R0VVIaB_hfTszCjo-CfQ5WUfH9tb3AVUP6bnx_l5VMWVrkYW1YVnaYqrJOD7axS9YXaVXgEixtHkwqNVLuCJ4Y6S1YxUCJZa4pCCOsPFd0tz4_mNLNUZRJUNuyK4v7AcsIlYqvl2J_G5cUCKFwSjaRBxPih-pd84dJIktU3xZeyZOMg_G5WiUujoyf20Fx5avLKV79F31dNBGUIVvu9woQb3mH00IULTJj1HhKjZkyJ16cvkiJ2G1jUk6r4v0cWc652uZw",
"e": "AQAB"
},
{
"kty": "RSA",
"kid": "ee2def52-afd1-410e-9aa8-086336234e93",
"n": "hL1hBsWFuD4oXZ6SELvibUcv9ap7QDBVZv5BZzGOyjsGmKXumi3UsfAHhhMPC3r9jt6tUsbsp4ahvuBS-9lKlOk45DtJW4aQRI2k24KAyniwFNweBy1gJny9jrDYHJ7Vot0hkIT86oMqM6gVnbLVqzrNuQGA-zpB6Crlpzr8z094j7h-KcHTaPJh_qTZq_IUE3xxC0oPfGFYUohWeEjYBx7yq3jkMVXEQ9POtcTY9ttNCg9f9MpeNO1la_YMRsiEzJDLEnAtskndTfw6AwadfN7VZXKHaajFkBulRwZkxo8JusHCQzNWctbfHTYpsvKZBMHTRAjbrTzEE8Ps0x_ToQ",
"e": "AQAB"
}
]
}
下面是一个完整的示例,说明如何使用原始帖子中的JWKS构建的JWKS解析和验证JWT:
package main
import (
"log"
"github.com/MicahParks/keyfunc"
"github.com/dgrijalva/jwt-go"
)
const (
// The two combined JWK from the original post as a JWKS.
jwksJSON = `{"keys":[{"kty":"RSA","kid":"236c88d1-5b51-4cd3-b73b-d6b4c1fbe177","use":"sig","n":"zVoCP5ZRqb_e5Vea_dvuNr0NAP_6K-x8Q5iV9ZaSjawp7mqmcDORTgUejrVvLUaeOO-xO4OLHRkqsb75R0VVIaB_hfTszCjo-CfQ5WUfH9tb3AVUP6bnx_l5VMWVrkYW1YVnaYqrJOD7axS9YXaVXgEixtHkwqNVLuCJ4Y6S1YxUCJZa4pCCOsPFd0tz4_mNLNUZRJUNuyK4v7AcsIlYqvl2J_G5cUCKFwSjaRBxPih-pd84dJIktU3xZeyZOMg_G5WiUujoyf20Fx5avLKV79F31dNBGUIVvu9woQb3mH00IULTJj1HhKjZkyJ16cvkiJ2G1jUk6r4v0cWc652uZw","e":"AQAB"},{"kty":"RSA","kid":"ee2def52-afd1-410e-9aa8-086336234e93","n":"hL1hBsWFuD4oXZ6SELvibUcv9ap7QDBVZv5BZzGOyjsGmKXumi3UsfAHhhMPC3r9jt6tUsbsp4ahvuBS-9lKlOk45DtJW4aQRI2k24KAyniwFNweBy1gJny9jrDYHJ7Vot0hkIT86oMqM6gVnbLVqzrNuQGA-zpB6Crlpzr8z094j7h-KcHTaPJh_qTZq_IUE3xxC0oPfGFYUohWeEjYBx7yq3jkMVXEQ9POtcTY9ttNCg9f9MpeNO1la_YMRsiEzJDLEnAtskndTfw6AwadfN7VZXKHaajFkBulRwZkxo8JusHCQzNWctbfHTYpsvKZBMHTRAjbrTzEE8Ps0x_ToQ","e":"AQAB"}]}`
)
func main() {
// Create the JWKS from hardcoded JSON.
//
// This can also be done via an HTTPS resource using the keyfunc.Get function.
jwks, err := keyfunc.New([]byte(jwksJSON))
if err != nil {
log.Fatalf("Failed to create JWKS from JSON.\nError: %s", err.Error())
}
// The "failing" JWT from the original post.
jwtB64 := "eyJraWQiOiIyMzZjODhkMS01YjUxLTRjZDMtYjczYi1kNmI0YzFmYmUxNzciLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzZTRkNDA5My04M2U2LTRiZGYtODkwYi1kNDBhYjgyMTE0MzkiLCJhdWQiOiJvYnJicy5vcGVuYmFua2luZy1jb25zZW50Lm9wZW5iYW5raW5nLWNvbnNlbnQtc3RhbmRhbG9uZSIsImlzcyI6InJic2cub3BlbmJhbmtpbmcuc2l0LnBheW1lbnRzLWxpbWl0cy12MSIsImV4cCI6MTYxMDYzMjQxNSwiaWF0IjoxNjEwNjMyMTE1LCJuYmYiOjE2MTA2MzIxMTUsIm1zX3Byb3BhZ2F0ZWRfand0IjoiZXlKcmFXUWlPaUpsT0dRMk1HSXlZaTB5T1RFeUxUUmpNamd0T0RNeE55MWhOemszT1dZeFlUVmtOamdpTENKaGJHY2lPaUpTVXpJMU5pSjkuZXlKcWRHa2lPaUpsTkRaa1l6VXdPQzAxWXpKaUxUUXhaall0WW1ZMU1TMWtZVE0yTVRKak9UWTVOak1pTENKaGRXUWlPaUp5WW5ObkxtOXdaVzVpWVc1cmFXNW5Mbk5wZEM1d1lYbHRaVzUwY3kxc2FXMXBkSE10ZGpFaUxDSnBjM01pT2lKdlluSmljeTV2Y0dWdVltRnVhMmx1WnkxaGRYUm9laTV2Y0dWdVltRnVhMmx1WnkxaGRYUm9laTF6ZEdGdVpHRnNiMjVsSWl3aVpYaHdJam94TmpFd05qTXlNVFF6TENKcFlYUWlPakUyTVRBMk16SXhNVE1zSW01aVppSTZNVFl4TURZek1qRXhNeXdpYlhOZmNISnZjR0ZuWVhSbFpGOXFkM1FpT2lKbGVVcHlZVmRSYVU5cFNUVmpRMGx6U1cxR2MxcDVTVFpKYTFaVVRXcFZNa2x1TUM1bGVVcDZaRmRKYVU5cFNYZE5WRUUwVGxSbmQwMUVVVFZKYVhkcFl6STViV1JJWkdoamJWWm1XVEo0Y0ZwWE5UQllNalZvWWxkVmFVOXBTa1ZTVmsxblVqSldkVnBZU25CWmVVSXdXbGhPTUVsSFRuTmhWMVoxWkVOQ1QxWXdTV2xNUTBwcFlWYzBhVTlwU1hoUFJFVXpUbXByZWs1VVkzZEphWGRwWVZoT2VrbHFiMmxWUjJ4MVdqQkdhbGt5Vm5wak1FWXhaRWRvVldJeWRHeGlhVWx6U1c1T2RscHVVak5aV0Vwc1dETlNkbU14T1RGamJXdHBUMmxLYjJSSVVuZGplbTkyVERKU2JHUnRWbk5pTTBKc1kyazFkVmxZVWpOYVdFNHdURzFPZG1KVE9XdGtWekYwWlZZNU1GcFlTblJqZVRWdlpFY3dhVXhEU21waFZ6UnBUMmxKZUUxRVZUVk9SR00xVGxSbk5FbHBkMmxrUjJoNVdsZEdNRmd6U214Wk1qbDVXa1k1ZVZwWVRqRmlTRkZwVDJsS1IxbFhiSE5rV0Vwc1NXbDNhV050Vm5wa1Z6RnNXRE5XZVdKRFNUWkpiV2d3WkVoQ2VrOXBPSFpoVjBaMFRGZEdNV1JIYUhWTVdFNXdaRU14ZVZsdVRYVmlWMFoxV1Zka2JGcElVbXhqTTFGMVdUSTVkRXd5Um5wTU0yUlpVMFprUTB3elNteGpNMVowV2xNNWFHTjVPV2hrV0ZKdllqTktjR1Z0UmpCaFZ6bDFURzVDY0dKdFkybE1RMHAzWVZoT2QxZ3pRbXhqYlRGd1l6Tk9jR0l5TldaYWJYaG9XbmxKTm1KdVZuTmlRM2RwV1RKNGNGcFhOVEJZTW14clNXcHZhVTV1YUZGV1ZXZzBZbFpPZEZScWFITmFhM2Q1VW0xS05tUllaM3BqZVVselNXNVNkR1ZHT1hwa1dFSjNZMjFXZW1NeWJIWmliRGx0WWtkR2JrbHFjSFZrVjNoelRFTktlbUl5V2pCa01rWjVXbFk1ZDJJeWVIQlpNMnhtWkZoS2NFbHFiMmxoU0ZJd1kwaE5Oa3g1T1d0YVdGcHNZa2M1ZDFwWVNYVmliVVl3WkRKV2VtUkROV3BpTWpCMldraFdkR0pZYkdaalJ6bHpZVmRPTlV4dGFEQmlVMGx6U1c1V2VscFlTbVpaV0ZZd1lVYzFabUpYVmpCaFJ6bHJTV3B2YVdGWFJuUk1XRWt3WTBNeE0xcFhTV2xNUTBwNllqSmFNR1F5Um5sYVZqbHdXa05KTmtscVdqUlZSbFpKWlVjeFZHSlZORFJpUjFwTlRXdGFhV1Z1VmpSTk0wMXBURU5LZG1OSFZuVlpiVVoxWVRKc2RWb3hPWEJpYmxKc1ltNVNabUZYVVdsUGFVcHFUa1JyZVU1RVVUTmFha1UwV1cxRk1FOUVSbWxaYWtFd1RrUkpORmx0VFhwUFYwVXhXVlJSTUUxcFNYTkpibEo2VFd3NWFGa3lUblprVnpVd1dESnNhMGxxYjJsVWFUbENTV2wzYVdSWVRteGpiRGt3WlZoQ2JFbHFiMmxVYVRsQ1NXbDNhVmt6Vm5wa1Jqa3daVmhDYkVscWIybFZSVlpUVlRBNVQxRlZkMmxNUTBwb1pGaFNiMkpzT1hSYVdGSnZZakpSYVU5cFNsTk9Sa0ZwVEVOS2RtTkhWbmxaV0ZKd1ltMWtabGx1U21oaWJWRnBUMmxLVTFGc1RXbE1RMHAyWTIxa1ptSnRSblJhVTBrMlNXczFhR1JIYkhaaWJVWnpTVVprYkdNelVuUmhWelY2WkVkV2VVbEZTbWhpYlhOblZVZDRha2xwZDJsYVdHaDNTV3B2ZUU1cVJYZE9hazE1VGtSQk1reERTbkJaV0ZGcFQycEZNazFVUVRKTmVrbDRUVlJGYzBsdFJuQmpNMEptWTBkV2VXSlhiSHBqTW14MlltdzViV0pIUm01SmFuQjFaRmQ0YzB4RFNuWmliRGxwV2xkb2FHSkhXbVppTWxscFQybEtNRnBZVGpCU1IxWnpXbGRrYUdSSFZsTlJiRTFwVEVOS2FHUlhVV2xQYVVwMldXNUthV041TlhaalIxWjFXVzFHZFdFeWJIVmFlVEZvWkZoU2IyVnBOWFpqUjFaMVdXMUdkV0V5YkhWYWVURm9aRmhTYjJWcE1YcGtSMFoxV2tkR2MySXlOV3hKYVhkcFpFY3hORmd6VG14ak0wNW1ZVmRSYVU5dE5URmlSM2R6U1cxNGNHSnRkR3hhUmpscVlWYzBhVTlwU1hkSmFYZHBXVEpLZDJGWGJHWmpSMVo1WWxkc2VtTXliSFppYkRsdFlrZEdia2xxY0hWa1YzaHpURU5LZVZwWFpIQmpNMUo1V1ZoU2NHSXlOV1phUjBZd1dsTkpObUp1Vm5OaVEzZHBZekk1YldSSVpHaGpiVlptWWtjNWJtSXhPVEZqYld0cFQybEtiMlJJVW5kamVtOTJUREpTYkdSdFZuTmlNMEpzWTJrMWRWbFlVak5hV0U0d1RHMU9kbUpUT1d0a1Z6RjBaVlk1YzJJeVpIWk1ia0oxV25sSmMwbHRPWGxhTVRsd1drTkpOa2xxUVhkTlZGVTBUVVJCZDAxRVFuRmFibVEwVjBWR1FsVlRTWE5KYlU1MlkyNUtiR0pIUmpCaFZ6bDFXREpzYTBscWIybE9ha0UxVFdwUk1VOVVRWHBOZW1kNlRtcGplazE2VlRST2VrbDRUVlJSZDAxVVJYcE9SR013VGxSSk5FOURTWE5KYlU1MlltNU9iR0p1VW1aak0xSm9aRWhXZWtscWIybGxNWGRwVWtkV2FtSkhiSFZhVm5kcFQyeDNhVTFVV1RSTk1rbDVUbFJSTVZsWFJYaFphbWN3V21wQk5VMVhWbWhPVkZaclRrUk9iVnBIVW10T1JGcGpTV2w0WTBscldtaGhWM2d4WTIxV1kwbHFjR05KYW1kNVQxZEdhMXBFV210YVYxa3lXWHBqTTAxdFJtdE5iVkpxVFdwcmVFNTZSVFJOYWs1cFRVUkthRmhEU1hOWVEwcENZa2Q0ZG1ReGQybFBiSGRwV20xYWFrNXFSVEJQUjFaclRVUm5lbHBVU20xWmJWbDRUbFJaTUU1WFNUVk5NazVxV1ZSUmVFMHlTbU5KYmpCcFRFTktlbUl5V2pCa01rWjVXbFk1ZVdJeWVHeGplVWsyU1d4MFVWTldUbEZNUTBKQ1UxWk9VVmhUU1hOSmJsSjBaVVk1ZG1OdFpHWmhWMUZwVDIwMU1XSkhlRGt1YWpZeE0xWm9kMGcyYUV4Q2EzZEJOazVWVG1kMVFYRkZSWEZFTTBwYVpYWlhUMGd3YVV4aGJVcHpSRUkyVEVvdFMzY3ljbEZ4VDJ0VFkycHFZbXRUV1c4MVIxbG1hbGgxWTBoYWNuTlpORzR0YWpkZldtY2lMQ0p0YzE5dFpYTnpZV2RsWDJoaGMyZ2lPaUprT0RZNE9ERXpNMlJqTkRVMlpqZzNOemt3WWpJNVlqbGlaR0kwWWpCa1lqYzFZek5tT1RRMk5HSXhaREpsT1dJd1pXUXlZamxsWXpOa09UazBOVGxsSW4wLmNDNjFiVk1zcVNUWFBRd0ZHclU0cmhXVHNUbGI4YXktOG1lT3gtXzZUQ2d3SHFpbHBsZFhWLXFGYzQyNTZrWWxOU2JYcGxjZ0FqRjc0cEwtelg1a2tzZk9sdzFIUUNsLW16REZveE1VTGd1ZFcwZkJPYzNMekxJWFM3cG40LTZFLVlzdktPVmV2Ymg2NFRBUF9SNzRIX2pNQUVJeXVIc25IeXlfU09Hd1NmWnFwdTBwa0M4enF6ZjBMVjBRS21RS2hTUW9sZkI3U2J0dmNDc19LcG80S3hPdFhmbUVFMlRDMGZKTkJ2cnR4dVZGa0hTdV83REtCYUZmSmNEYmdhZGVkZ2xBOGVMWmNqRzNFY3hlcng4QVFGZVRZTzlOV0xKNU12dW9UWkd2ZjdzTVFSRGMtdGphUVdsODlRdG5pQzFxSXlZTUFGOU1TcG9IcWxmOXMweXJVdyIsIm1zX21lc3NhZ2VfaGFzaCI6IjE5ODg0M2FmOTQyOTcyOGQxZTMyMDdmOGRjNmYzZGE4ZjI1ZWFkY2M5ZDQxY2ZhZWNhNTY5YjllNjY4MWZmOTYifQ.jKehsnGG5j1dOYWlwuF0vKGNbENI1HD35A9g89lhmMrkPhfZ8_lYw4lIkZ16Bepj6HZ53xnTtRXGtmcOZZMr0smh3l5SQ20-CZ6M0yT0wIUZYxJcXmR9_iR7zHI2SvVCpH5CWdlRUNQx9z51Z1SIjc5xvau19omCuMIz7YLZ2Py2tppKz04A8s2xA6Aox-th1dhuKE8NmhTzMnp6UUKbHFyw3Sf7BXJHvQlx4wPB1Pn5l0IZLnD078UsxNmI4r42tECAOmwa0POzzPntlcJNutQZ2QfB68F3YWQZ6YjKF4zTEcZjmMnqVKRLdTyJezGpzXEnitMrnXH-awztlN0d1A"
// Parse the JWT.
var token *jwt.Token
if token, err = jwt.Parse(jwtB64, jwks.KeyFunc); err != nil {
log.Printf("Failed to parse \"failing\" JWT from original post.\nError: %s", err.Error())
// TODO Exit program.
} else {
// Confirm the token is valid.
if !token.Valid {
log.Println(`The "failing" token from the original post is not valid.`)
}
}
// The second token from the original post.
jwtB64 = "eyJraWQiOiJlZTJkZWY1Mi1hZmQxLTQxMGUtOWFhOC0wODYzMzYyMzRlOTMiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJlYzlmZWI2Zi1jZDdmLTRlZTctOWY1OS04ZGUzMTNhZDU2YzAiLCJhdWQiOiJyYnNnLm9wZW5iYW5raW5nLnNpdC5vZmZlcnMtdjEiLCJpc3MiOiJyYnNnLm9wZW5iYW5raW5nLnNpdC5hY2NvdW50cy12MyIsImV4cCI6MTYxMDcxNjE2NiwiaWF0IjoxNjEwNzE1ODY2LCJuYmYiOjE2MTA3MTU4NjYsIm1zX3Byb3BhZ2F0ZWRfand0IjoiZXlKcmFXUWlPaUkwWkRVNE5ETTRZeTFpWW1WaUxUUXlaR0l0WW1FMlpDMDROekE0TWpkbVlqRTFPVE1pTENKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SnpkV0lpT2lJd01UQTROVGd3TURRNUlpd2ljMjltZEhkaGNtVmZZMnhwWlc1MFgyNWhiV1VpT2lKRVJWTWdSMlZ1WlhKcFl5QjBaWE4wSUdOc2FXVnVkQ0JPVjBJaUxDSnBjM01pT2lKeVluTXVZWEJwWjJWbExuTnBkQ0lzSW1Ga1pHbDBhVzl1WVd4ZlkyeGhhVzF6SWpwN0ltTnVaaUk2SW50Y0luZzFkQ05UTWpVMlhDSTZYQ0l4UWtWRVFqTkZOVUZEUWtZek5UTkNNRGcwTWpWRVEwTTNOak5ETVRJeFFqVkZNVU0wT1RFMlhDSjlJaXdpYkdsdWEyVmtYMk5wYmlJNklqQWlMQ0pqYjI1elpXNTBYM04wWVhSMWN5STZJazVjTDBFaUxDSmhZM0lpT2lKMWNtNDZiM0JsYm1KaGJtdHBibWM2Y0hOa01qcHpZMkVpTENKamIzSnlaV3hoZEdsdmJsOXBaQ0k2SWpVM05qazVNVEV3TURZM05UZzBOVE0yTlRBeU1URTFNREV4TXpBeE5UUTBNemNpTENKamRYTjBYM1I1Y0dVaU9pSlFSVkpUVDA1QlRDSXNJbUpwYmlJNklqRTRNVGMyT1RNMU56QWlMQ0p2Y0dWdVltRnVhMmx1WjE5cGJuUmxiblJmYVdRaU9pSXpORFkwWkRrMk16WTNZakUwT1RWaU9UTTJNelUwT1RFd09XTm1ZelE1TmlJc0ltOXdaWEpoZEdsdVoxOWljbUZ1WkNJNklsSkNVeUlzSW5WelpYSmZZWFYwYUc1ZmJXVjBhRzlrSWpvaWFXRnRMWEkwY0MxM1pXSWlMQ0p6YjJaMGQyRnlaVjl5YjJ4bGN5STZXeUpRU1ZOUUlpd2lRVWxUVUNKZExDSmphVzRpT2lJeE1EVTVORGM1TlRnNEluMHNJbU5zYVdWdWRGOXBaQ0k2SWpaNFVGVkllRzFUYlU0NGJHWk1Na1ppZW5WNE0zTWlMQ0p6YjJaMGQyRnlaVjlwWkNJNklqWjRVRlZJZUcxVGJVNDRiR1pNTWtaaWVuVjRNM01pTENKaGRXUWlPaUp5WW5ObkxtOXdaVzVpWVc1cmFXNW5Mbk5wZEM1aFkyTnZkVzUwY3kxMk15SXNJbTl5WjE5cFpDSTZJakF3TVRVNE1EQXdNREJxWm5kNFdFRkJVU0lzSW5OamIzQmxJam9pYjNCbGJtbGtJR0ZqWTI5MWJuUnpJaXdpYjNCbGNtRjBhVzVuWDJKeVlXNWtJam9pY21Keklpd2liM0puWDI1aGJXVWlPaUpPWVhScGIyNWhiQ0JYWlhOMGJXbHVjM1JsY2lCQ1lXNXJJRkJzWXlJc0ltVjRjQ0k2TVRZeE1EY3hOVGt5TlN3aWFXRjBJam94TmpFd056RTFPRFkxTENKcWRHa2lPaUkyWXpNMU5UTmxOUzFqWW1GaExUUXdNV1l0T1RaaU15MHpNREUxWlROaVlUYzRaRFVpZlEuRUh0Q2JhYUE1amN4OHNXZTNaU3dndVR0QkxQc3pxQ1ZBRmJrcm5rUmdRdVYtUVdyTHFFMTNidUVnY0Z5eFF3dlNxcFhZR2dyeTVKMXh0YlJYOFhxZzNmdzFOWXppMms4cWlUNm12WFJoUDVtSDJySVVVVE1FVUt2TW1maFlRWlRtdGNDcS1NYnZ5UzRkWURhR3NXbnZ0Y1U5cHYxYUxYT21ydFUwdmhrVlpaNUwyakJnRTdFOWZ2amZMZE5oUERacGpINGpjNHJaY1VhMmc3clVlMEJoNTY2WURhQ2txS2J6VjBuRDRWV0hLOERsX19jNU1FNVpLMkFJSnJTd3RBQkhtaElwWUV1N1JhUWlPd1ZBRFRNd0ZfcWRJeU1jdVM1dVhtZk1uTi0xcFFOREV2ZzN6MmhvNzJTNjVkS0x5Y0JfejA1b1lwMGUybWw1ZHBFaDZjNUdnIiwibXNfbWVzc2FnZV9oYXNoIjoiYTliMWIwZGNmOTkxYzUyOGFjYWFmNTI0OTMxMGEyYWVhOTM3MGM1NjFjZDdmMjliNDY4MzQzM2YwYjg0YWIzYyJ9.PTZjUdQ386cC5AloVW5UCXtmHqYZD7zo4JisAjZIQdGowxDR0HfnZ8TEDwb20c7HmYHXUmnP971vYNoI4gEifFWVmiEbiFxKgp1pR68LyqC-qclJApB8jLrMFfSxKiwgKIyLkLqBg6XTGonOVJZcLi3--UD7fiRxj-s-Oq1kH7s3lqyp3-C6oLDHiVZmHfFtOaZQFGFGUhmDCodkMNEGeGm28hyMNZXpB0kgA8FQehEhfMAUe1yHA2hgzONNn4eMAYnVMBb7Ax4pMxHQKbhPP15vU4AOWI4xo1VFZrWtydI9yvFggJu_S_pu5c6Z8PywKMGHZjhh-XaCouVG85Z_PQ"
// Parse the JWT.
if token, err = jwt.Parse(jwtB64, jwks.KeyFunc); err != nil {
log.Printf("Failed to parse the second token from the original post.\nError: %s", err.Error())
// TODO Exit program.
} else {
// Confirm the token is valid.
if !token.Valid {
log.Println("The second token from the original post is not valid.")
}
}
}
我有一个由keyCloack生成的JWT,RS256,类似这样的东西 样本: 我需要使用KeyClock证书解码和验证此令牌。 我可以通过api获得KeyClock证书。 在响应中,我有x5c字段。 我可以验证这个jwthttps://jwt.io/如果我把x5c部件放在----证书----标签内 如何在Java中验证同样的事情? 我尝试了几件事,但都失败了。
我想验证一些来自Microsoft的JWT的签名。我正在使用Spring-Boot、JJWT库和以下endpoint:https://login.microsoftonline.com/common/discovery/v2.0/keys endpoint返回JSON公钥数组。下面是数组中的一个示例。
我试图验证在https://JWT.io上使用本地运行的KeyCloak身份验证提供程序生成的HS256 JWT令牌。 KeyCloack实例在我的本地机器上的docker容器中运行。我已经应用了与本答案中描述的几乎相同的步骤(相反,它应用了RS算法,并且按照描述的方式工作):https://stackoverflow.com/a/55002225/1534753 我的验证过程非常简单: 4.)我
我刚开始说堆栈。我正在使用jwt来验证apiendpoint'/api/candidates' 在客户端/Angular js服务中,我有以下条目 在服务器端,我有: 这个很管用。即'auth'能够从报头中提取令牌 当我将所有内容改为post而不是get时: 在客户端 在服务器端: 我从jwt得到一个错误,如下所示: 对正在发生的事情有什么建议吗?。我可以用get工作,但我想知道为什么post不工
我正在尝试将支付网关集成到我的nodejs应用程序中。当支付完成时,网关用支付结果将用户重定向到我的站点。结果是RSA签名的,我需要用支付网关提供的公钥来验证它。 下面是支付网关为签名验证提供的示例PHP代码。 有谁知道怎么把这件事搞定吗?
在PHP中,我试图使用AWS的RSA公钥(我在https://cognito-identity.amazonaws.com/.well-known/jwks_uri). 密钥以适当的页眉/页脚开始,然后开始RSA公钥等等。我查看了一些PHP库,如Emarref\Jwt\Jwt\code>,但是我发现了错误:。这一切归结为基本的php函数:。 我已经研究了php。net/manual进行openss