[英]How to decode jwt token in javascript without using a library?
[英]How to verify an Azure OAuth Access JWT Token in native Javascript without using a library?
我有一個 OAuth 訪問令牌(來自 Azure)。 我想驗證簽名。
我已經解碼了令牌
標題
{
"typ": "JWT",
"alg": "RS256",
"x5t": "abc123",
"kid": "abc123"
}
和有效載荷
{
"aud": "api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"iss": "https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/",
"iat": 1580132587,
"nbf": 1580132587,
"exp": 1580136487,
"acct": 0,
"acr": "1",
"aio": "xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx==",
"amr": [
"pwd"
],
"appid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxf",
"appidacr": "0",
"ipaddr": "yyy.yyy.yyy.yyy",
"name": "test",
"oid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"scp": "user_impersonation",
"sub": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
"tid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"unique_name": "test@mycompany.onmicrosoft.com",
"upn": "test@mycompany.onmicrosoft.com",
"uti": "xxxxxxxxxxxxx-xxxxxxxxx",
"ver": "1.0"
}
(在驗證目標受眾(aud)之后)我需要驗證簽名。 為此,我首先需要計算簽名。 要做到這一點
https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/discovery/v2.0/keys
這給了我一個數組
[{ "kty": "RSA", "use": "sig", "kid": "abc123", "x5t": "abc123", "n": "...", "e": "...", "x5c": [..."], "issuer": " https: //login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0" }, { "kty": "RSA", "use": "sig", "kid": "...", "x5t": "...", "n": "....", "e": "...", "x5c": ["."], "issuer": "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0" }, ]
我檢查kid
和x5t
匹配的頭字段。
問題
RSASHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), public_key)
獲取與收到的令牌的孩子匹配的 x5t。 這是公鑰,盡管它通常需要轉換為 PEM 格式。
大多數人然后使用經過認證的庫來驗證帶有公鑰的簽名。 這是我的一些代碼,用於驗證 Azure 令牌。
我認為原生 JavaScript 指的是 NodeJS,因為訪問令牌是通過 API 而不是 UI 驗證的。
最終,我相信像 jsonwebtoken 這樣的庫調用底層操作系統加密代碼 - 不適合膽小的人..
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.