如何在 python 中使用 x 和 y 坐标验证 ES384 JWT 签名
[英]How to validate ES384 JWT signature with x and y coordinate in python
问题描述
我有一个 JWT 如下:
Authorization: Bearer eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6IjQ0ODIzZjNkLTBiMDEtNGE2Yy1hODBlLWI5ZDNlOGE3MjI2ZiIsImprdSI6Imh0dHBzOi8vc2FuZGJveC5jZHMtaG9va3Mub3JnLy53ZWxsLWtub3duL2p3a3MuanNvbiJ9.eyJpc3MiOiJodHRwczovL3NhbmRib3guY2RzLWhvb2tzLm9yZyIsImF1ZCI6Imh0dHA6Ly8xMjcuMC4wLjE6ODAwMC9jZHMtc2VydmljZXMiLCJleHAiOjE1OTQyMzA5MDAsImlhdCI6MTU5NDIzMDYwMCwianRpIjoiZWZiMzc3M2QtM2EyOC00M2UyLTlmYmMtYjkzNmE5YWUzODhiIn0.Cbey3n5NkDRoCLHZ2WMFc1z_RY8Rlq5oGxdAYfbrBPMiJXLCwjbYoU0av2CQj-Olhbnpe7Vs8vzJ5oHP5gc2-0ooc5J49t4Uz9iYKpiM9KLUrqaJe0umc_klM2-ynHAI
I've been struggling since python libraries like PyJWT require a PEM format public key for Elliptical curve algorithms, and I'm having to decode the base64 to get the header which has the "jku" ( https://sandbox.cds-hooks .org/.well-known/jwks.json ),它只有 x 和 y 坐标,没有公钥。
我觉得我完全走错了方向,因为我认为应该是一个简单且自动化的过程,用于使用 ES384 alg 验证 JWT。
如果有人可以帮助解释如何使用库/python 代码来验证这一点,那将是一个救命稻草!
1 个解决方案
解决方案1
1 已采纳 2020-07-09 20:35:01
您可以为此使用 Jose-JWT 库:
pip install python-jose
使用 Jose-JWT,您可以从给定的 JWK 构造一个密钥,也可以直接在decode调用中使用 JWK ( JSON Web Key ),如下面的简短示例所示:
from jose import jwk, jwt
es384_key = {
"kty": "EC",
"crv": "P-384",
"kid": "44823f3d-0b01-4a6c-a80e-b9d3e8a7226f",
"use": "sig",
"alg": "ES384",
"x": "dw_JGR8nB2I6XveNxUOl2qk699ZPLM2nYI5STSdiEl9avAkrm3CkfYMbrrjr8laB",
"y": "Sm3mLE-n1zYNla_aiE3cb3nZsL51RbC7ysw3q8aJLxGm-hx79RPMYpITDjp7kgzy"
}
allowed_aud = "http://127.0.0.1:8000/cds-services"
token = "eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6IjQ0ODIzZjNkLTBiMDEtNGE2Yy1hODBlLWI5ZDNlOGE3MjI2ZiIsImprdSI6Imh0dHBzOi8vc2FuZGJveC5jZHMtaG9va3Mub3JnLy53ZWxsLWtub3duL2p3a3MuanNvbiJ9.eyJpc3MiOiJodHRwczovL3NhbmRib3guY2RzLWhvb2tzLm9yZyIsImF1ZCI6Imh0dHA6Ly8xMjcuMC4wLjE6ODAwMC9jZHMtc2VydmljZXMiLCJleHAiOjE1OTQyMzA5MDAsImlhdCI6MTU5NDIzMDYwMCwianRpIjoiZWZiMzc3M2QtM2EyOC00M2UyLTlmYmMtYjkzNmE5YWUzODhiIn0.Cbey3n5NkDRoCLHZ2WMFc1z_RY8Rlq5oGxdAYfbrBPMiJXLCwjbYoU0av2CQj-Olhbnpe7Vs8vzJ5oHP5gc2-0ooc5J49t4Uz9iYKpiM9KLUrqaJe0umc_klM2-ynHAI"
payload = jwt.decode(
token,
es384_key,
audience = allowed_aud,
options = {'verify_exp':False})
print (payload)
尽管它被称为decode ,但 function 实际上会验证签名。
注意:我添加了options = {'verify_exp':False}以避免错误,因为您的令牌昨天已经过期。
Output:
{'iss': 'https://sandbox.cds-hooks.org', 'aud': 'http://127.0.0.1:8000/cds-services', 'exp': 1594230900, 'iat': 1594230600, 'jti': 'efb3773d-3a28-43e2-9fbc-b936a9ae388b'}
使用python未知X坐标值时,如何根据Y坐标获取Path的X坐标
[英]How to get X-coordinate of Path depending on the Y-coordinate when X-coordinate values are unknown using python
Python:如何通过递增X坐标值来对X和Y坐标的字典进行排序?
[英]Python: How to sort a dictionary of X and Y coordinates by ascending X coordinate value?
在 python - 我如何 plot 2D 图(x,y)并通过每个(x,y)坐标的颜色变化添加第三轴?
[英]In python - How can I plot 2D figure (x,y) and add 3rd axis by variation of the colour for each (x,y)-coordinate?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.