[英]How to verify jwt token in spring boot?
I want to implement JWT verification in my spring boot application.我想在我的 Spring Boot 应用程序中实现 JWT 验证。 The algorithm we used for signing token is Ed25519\EDDSA .
我们用于签署令牌的算法是 Ed25519\EDDSA 。
I don't find right dependency/library to implement Jwt verifier using ED25519 algorithm.我没有找到正确的依赖项/库来使用 ED25519 算法实现 Jwt 验证程序。
Can someone suggest maven dependency to validate JWT token ?有人可以建议 Maven 依赖项来验证 JWT 令牌吗?
The answer comes late but I just tried to solve the same problem and decided to share my conclusions.答案来晚了,但我只是试图解决同样的问题并决定分享我的结论。
I'd use Spring Security with the OAuth 2.0 Resource Server to validate JWTs.我会使用Spring Security 和 OAuth 2.0 资源服务器来验证 JWT。
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
However, Spring Security's default JWT Decoder NimbusJwtDecoder
does not support EdDSA (see list of supported signature algorithms . You will have to write your own JWTDecoder
.但是,Spring Security 的默认 JWT 解码器
NimbusJwtDecoder
不支持 EdDSA(请参阅支持的签名算法列表。您必须编写自己的JWTDecoder
。
Luckily, Spring Security depends on Nimbus JOSE+JWT library that already supports EdDSA.幸运的是,Spring Security 依赖于已经支持 EdDSA 的Nimbus JOSE+JWT 库。 To validate an EdDSA signature with the library, add the following dependency:
要使用库验证 EdDSA 签名,请添加以下依赖项:
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.6.1</version>
</dependency>
Your code will at some point call the following lines, where encodedJwt
is the encoded jwt string.您的代码将在某些时候调用以下行,其中
encodedJwt
是编码的 jwt 字符串。
SignedJWT signedJWT = SignedJWT.parse(encodedJwt);
JWSVerifier verifier = new Ed25519Verifier(publicJWK);
assertTrue(signedJWT.verify(verifier));
The complete example can be found here: https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa完整的例子可以在这里找到: https ://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.