我从谷歌获得了 JWT 令牌,但我不知道如何验证和解码它。
我正在尝试使用库 com.auth0.jwt.JWT,并且我有以下代码:
public static void main(String[] args) throws ServerFailException, IOException, GeneralSecurityException {
System.out.println("Starting now");
String publicKey="885016258715-j50dd8tkkee3ttqaqer14s4vd9fvbtbd.apps.googleusercontent.com";
String token="eyJhbGciOiJSUz..."
RSAPrivateKey privateKey=null; // This should be null, because we don't need the private key to decode the token.
RSAPublicKey pubKey=How do I convert My string public key to a RSAPublicKey.
Algorithm algorithm = Algorithm.RSA256(pubKey, privateKey);
JWTVerifier verifier = JWT.require(algorithm)
.withIssuer("auth0")
.build();
DecodedJWT decodedJWT=verifier.verify(token);
Map<String, Claim> claims = decodedJWT.getClaims();
System.out.println(claims);
System.out.println("Done");
}
但问题是我如何从我从谷歌获得的公钥字符串中获取RSAPublicKey。或者有没有更好的根本方法来做到这一点? (不同的图书馆)。
我认为不可能将该字符串转换为 RSA 公钥。在这种情况下,您通常要做的就是调用 Google 公开的 JWKS 端点,您将在其中获得类似于以下格式的密钥:
{
"kty":"RSA",
"kid":"2091097665",
"use":"sig",
"alg":"RS256",
"n":"nuR5CoNGpJCFRVDQyitG_0oX8d_O1f4QWT5M_ZHoS_XXjJ2ZGCDwukArnyBfEiXmzS4sEITFHmR6eS_y4fIDjkQxlH8wrhEL8enPe6Qs2qNphACydaDyvBurSEuH73JqU7hiXvge6DMONwlv0zhzqYOG4_SFiH8Qxk4gewmTFmw-ib5u-yuXTAKckYIRpQAnLTDAm1HK-MUQWZTALi1QVcpjh-afsGR42GlgWNcGip7UuPv_4YoIVj0G-6HTpdCj1SrV1dkxGPOYxFeJ96-9EWRJ6mJt0r1J9u-A1Yp9Le_FPdR6nhN7N4CzZYoG8lwdXXPeDmV8LD8PHW-SpoyPzw",
"e":"AQAB",
"x5t":"OjVeMZFPa9LLP0pyd4Z_dN5-Iis"
}
或者,您可以获取 PEM 格式的密钥,它看起来像这样:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyemE1zfNxurz773Igh8r
cbXaqeIiKcoOYkcKyx5CYb01A69mDkOD6L6dIva9gAI2abyp3PCNKCCsCECgxAnn
eAzzNad+I5y02SdxWo17yR1/KmkpSAB7bbqwSeG3gJ3aUfgSIWr47kama3R2epm+
50G6zFrI8GK5Sy5J1qVXbdsMXLMWiEjCMQv5BUp/e4k/nLnyOvUkALGaqIc7BdJb
LznNehxLv2xysS5T0gjQ0yknr/QaSqV6rZpCv08uIuO+uC6jKyZUUSxcW5eokco6
LnoLkTBwnhg8ztERp1QU3RVWBUxAgs+xhNsarySrpoePOEpoaLSIAwLT8xAQLVOo
xwIDAQAB
-----END PUBLIC KEY-----
一旦您获得了其中一种格式的密钥,就可以轻松地将其导入到库中。 (构造函数方法可能接受这些格式之一。)