![](/img/trans.png)
[英]How to generate a RS256 signed token I decode with jose.jwt.decode
[英]Python decode jwt token USING JOSE module
请帮我解码这个 jwt使用 python jose 模块。 我不知道应该用什么key
。 因为任何在线 jwt 解码器都可以在没有任何密钥的情况下解码它。
token = eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlYTFiMWY0MjgwN2E4Y2MxMzZhMDNhM2MxNmQyOWRiODI5NmRhZjAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDEyODA4NDEwNzU2MjUwMzQwMjAiLCJlbWFpbCI6ImRzYjMyMW1wQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWmpVY1Eyd3JkLUdzY3F2Y2dqci1BQSIsIm5vbmNlIjoiUFp2SGhsX2tUTGR1Sktmem80LW9qdyIsImlhdCI6MTYxMTY5MjA2NywiZXhwIjoxNjExNjk1NjY3fQ.kNFbqjtJO2HKsSX-jt967MLi2xjeRH4W9JsA4yPQDQEgrHqa3BX6PVFJCBjq-Fn7vmlTT1lUcElVPwtvcBUV8Z4I7dCuWKcTxTt6R8501f1I2X0tQeEu_zfg-ianzOlQkg3KvLT_D-oaIfNkoU7jAt4Mywe6xHiDKszlA6KE8T6PLV_VeiCJGvciLbPW7DhKiuL-kfTjhHoZ6_XHeruR6rb_psZNvH5t-D3Yjc27EwH0_Wumcl1GjN20eF2xO-UDhO4BMRHGIM5876QUYB58dxblLG1flEaeXi9z4R-XnrLPYpAYZDYQDcPMni9fUm9d8pNZDeTGh6WyGkTqkXuHvg
我试过:
jwt.decode(token=token, key=???, algorithms='RS256')
使用 PyJWT:
import jwt
from jwt import PyJWKClient
token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlYTFiMWY0MjgwN2E4Y2MxMzZhMDNhM2MxNmQyOWRiODI5NmRhZjAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDEyODA4NDEwNzU2MjUwMzQwMjAiLCJlbWFpbCI6ImRzYjMyMW1wQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWmpVY1Eyd3JkLUdzY3F2Y2dqci1BQSIsIm5vbmNlIjoiUFp2SGhsX2tUTGR1Sktmem80LW9qdyIsImlhdCI6MTYxMTY5MjA2NywiZXhwIjoxNjExNjk1NjY3fQ.kNFbqjtJO2HKsSX-jt967MLi2xjeRH4W9JsA4yPQDQEgrHqa3BX6PVFJCBjq-Fn7vmlTT1lUcElVPwtvcBUV8Z4I7dCuWKcTxTt6R8501f1I2X0tQeEu_zfg-ianzOlQkg3KvLT_D-oaIfNkoU7jAt4Mywe6xHiDKszlA6KE8T6PLV_VeiCJGvciLbPW7DhKiuL-kfTjhHoZ6_XHeruR6rb_psZNvH5t-D3Yjc27EwH0_Wumcl1GjN20eF2xO-UDhO4BMRHGIM5876QUYB58dxblLG1flEaeXi9z4R-XnrLPYpAYZDYQDcPMni9fUm9d8pNZDeTGh6WyGkTqkXuHvg"
# Insecure - doesn't validate the token.
decoded = jwt.decode(token, options={"verify_signature": False})
# Optional, not sure if if this increases security
url = "https://www.googleapis.com/oauth2/v3/certs"
client = PyJWKClient(url)
pub_key = client.get_signing_key_from_jwt(token).key
aud = jwt.decode(token, options={"verify_signature": False})["aud"]
decoded = jwt.decode(token, pub_key, algorithms=["RS256"], audience=aud, options={"verify_exp": False})
python-jose
使用jwt.get_unverified_header()
和jwt.get_unverified_claims()
。
from jose import jwt
token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlYTFiMWY0MjgwN2E4Y2MxMzZhMDNhM2MxNmQyOWRiODI5NmRhZjAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDEyODA4NDEwNzU2MjUwMzQwMjAiLCJlbWFpbCI6ImRzYjMyMW1wQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWmpVY1Eyd3JkLUdzY3F2Y2dqci1BQSIsIm5vbmNlIjoiUFp2SGhsX2tUTGR1Sktmem80LW9qdyIsImlhdCI6MTYxMTY5MjA2NywiZXhwIjoxNjExNjk1NjY3fQ.kNFbqjtJO2HKsSX-jt967MLi2xjeRH4W9JsA4yPQDQEgrHqa3BX6PVFJCBjq-Fn7vmlTT1lUcElVPwtvcBUV8Z4I7dCuWKcTxTt6R8501f1I2X0tQeEu_zfg-ianzOlQkg3KvLT_D-oaIfNkoU7jAt4Mywe6xHiDKszlA6KE8T6PLV_VeiCJGvciLbPW7DhKiuL-kfTjhHoZ6_XHeruR6rb_psZNvH5t-D3Yjc27EwH0_Wumcl1GjN20eF2xO-UDhO4BMRHGIM5876QUYB58dxblLG1flEaeXi9z4R-XnrLPYpAYZDYQDcPMni9fUm9d8pNZDeTGh6WyGkTqkXuHvg"
claims = jwt.get_unverified_claims(token)
header = jwt.get_unverified_header(token)
详情见下文。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.