堆栈内存溢出
  简体   繁体   English

如何在 Spring Boot 中验证 jwt 令牌?

[英]How to verify jwt token in spring boot?

 原文  2022-02-16 17:07:45       spring-boot/ jwt/ ed25519/ nimbus-jose-jwt/ eddsa

问题描述

I want to implement JWT verification in my spring boot application.我想在我的 Spring Boot 应用程序中实现 JWT 验证。 The algorithm we used for signing token is Ed25519\EDDSA .我们用于签署令牌的算法是 Ed25519\EDDSA 。

I don't find right dependency/library to implement Jwt verifier using ED25519 algorithm.我没有找到正确的依赖项/库来使用 ED25519 算法实现 Jwt 验证程序。

Can someone suggest maven dependency to validate JWT token ?有人可以建议 Maven 依赖项来验证 JWT 令牌吗?

1 个解决方案

解决方案1
 0  2022-06-01 12:47:26

The answer comes late but I just tried to solve the same problem and decided to share my conclusions.答案来晚了,但我只是试图解决同样的问题并决定分享我的结论。

I'd use Spring Security with the OAuth 2.0 Resource Server to validate JWTs.我会使用Spring Security 和 OAuth 2.0 资源服务器来验证 JWT。

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

However, Spring Security's default JWT Decoder NimbusJwtDecoder does not support EdDSA (see list of supported signature algorithms . You will have to write your own JWTDecoder .但是,Spring Security 的默认 JWT 解码器NimbusJwtDecoder不支持 EdDSA(请参阅支持的签名算法列表。您必须编写自己的JWTDecoder

Luckily, Spring Security depends on Nimbus JOSE+JWT library that already supports EdDSA.幸运的是,Spring Security 依赖于已经支持 EdDSA 的Nimbus JOSE+JWT 库 To validate an EdDSA signature with the library, add the following dependency:要使用库验证 EdDSA 签名,请添加以下依赖项:

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.6.1</version>
</dependency>

Your code will at some point call the following lines, where encodedJwt is the encoded jwt string.您的代码将在某些时候调用以下行,其中encodedJwt是编码的 jwt 字符串。

SignedJWT signedJWT = SignedJWT.parse(encodedJwt);

JWSVerifier verifier = new Ed25519Verifier(publicJWK);
assertTrue(signedJWT.verify(verifier));

The complete example can be found here: https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa完整的例子可以在这里找到: https ://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot:如何验证 Azure B2C JWT 令牌 - Spring Boot: How to verify Azure B2C JWT token Spring Boot OAuth2 资源服务器:库如何在没有公钥的情况下验证 JWT 令牌? - Spring Boot OAuth2 Resource Server: How library can verify JWT token without public key? 如何在Spring Boot中从旧令牌生成新的JWT令牌? - How to generate new JWT token from old token in Spring Boot? 如何在 Spring Boot 中验证 RSA256 签名的 JWT 令牌 - How to Validate a RSA256 signed JWT token in Spring Boot 如何模拟 JWT 令牌以将其与 Mockito 和 Spring 引导一起使用 - How to mock JWT token to use it with Mockito and Spring Boot 如何在 Spring Boot 中使用 Facebook 凭据生成 JWT 令牌 - How to generate JWT Token using Facebook credentials in Spring boot 如何从Spring Boot后端销毁jwt令牌 - how destroy jwt token from spring boot backend 如何使用 JWT 在 Spring Boot 中获取刷新令牌 - How to get Refresh Token in spring boot using JWT 如何在 Spring Boot OAuth2 中的 SecurityContextHolder 中获取 JWT 令牌? - How to get JWT token in SecurityContextHolder in Spring Boot OAuth2? 如何使用 spring boot 在 swagger 标头中配置 jwt 令牌 - How to configure jwt token in swagger header using spring boot
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM