我正在尝试执行以下操作:
secret_key = "sometihng";
web_token = CreateSignedJWT(payload_string, secret_key, hash_params );
我收到错误:
signOptions type not supported, it has to be of type Key or KeyPair or Struct
Coldfusion 的 jwt 文档 指出 Secret_key 参数应该是一个结构,我明白。但是,我不清楚如何在不使用密钥库的情况下将密钥用作字符串,因为如果我使用
key_options = {
key = secret_key
}
web_token = CreateSignedJWT(payload_string, key_options, hash_params );
然后我收到错误
Either the keystore path is invalid or corrupt or the keystore password is wrong.
密钥本身存储在加密的数据库列中,因此我想传递它的字符串版本。如果没有密钥库,我该如何做到这一点?
对于HS256,密钥是至少32字节的字节序列。如果密钥是 Base64 编码的,则必须先进行 Base64 解码,然后再导入。
CreateSignedJWT()
文档中描述的 RS256 示例对于 HS256 如下所示:
<cfset text = {
"iss" = "a",
"sub" = "b",
"abcd" = "efgh",
"aud" = "adobe",
"exp" = "#DateAdd("n", 30, now())#",
"id"="cc",
"iat"="#DateAdd("n", -30, now())#"
}>
<!--- Base64 decode and import key --->
<cfset rawKeyeyB64 = "ViHV9/ImYwwnx8GLevuR4oB8QYST4izOiJzi8CCT+Yc=">
<cfset rawKey = binaryDecode(rawKeyeyB64, "base64" )>
<cfset keySpec = createObject("java", "javax.crypto.spec.SecretKeySpec")>
<cfset key = keySpec.init(rawKey, "HmacSHA256")>
<cfset c = {
"algorithm" = "HS256", <!--- specify HS256 algorithm --->
"generateIssuedAt"= true,
"generateJti"=true
}>
<cfset createjws = CreateSignedJWT(text, key, c)>
<cfdump var = "#createjws#">
binaryDecode()
进行了Base64解码,并根据文档第2节实现了密钥导入。 使用 Java 对象。eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJhZG9iZSIsInN1YiI6ImIiLCJpc3MiOiJhIiwiaWQiOiJmRGl6SHF0QnlNR096N3pIS2gtbEl3IiwiYWJjZCI6ImVmZ2giLCJleHAiOiJGZWJydWFyeSwgMjIgMjAyNCAyMDoyMDozNSIsImlhdCI6MTcwODYzMTQzNTI5MX0.0vJchMc2YvIXuq28tyH2vaAAW8vugYx5nc1HcK_L8qc
可以使用 Base64 编码密钥在 jwt.io 上成功验证。