我正在尝试使用Google和OpenID Connect实现联合登录系统,并且我无法验证和解析我从Google收到的JWT ID令牌.我在这里关注Google的文档.
根据文档的建议,我正在尝试使用现有的JWT库.GitHub上最流行的PHP版本似乎是PHP_JWT.问题似乎是JWK键的格式.
上面链接的谷歌文档说,从jwks_uri他们的发现文档中显示的端点获取密钥.该端点返回以下内容:
{
"keys": [
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "1771931eb0eb64eb97733e857685be153e079bb9",
"n": "AMNFQMNJw/EVwrYsyPTnEHWkaPinPb4ngc/SqD701aisFhbU9/wWoKADeFtwfBcWl1qjzIqhPorQElB+2mtiqUh3Qtaazt1x5wA9XnJDe6kjtMGm9nNLMilSVNBilAE8GIdbciMycISfOfL0WRaJrqpNxewNEVZjuYiGzOWahiDP",
"e": "AQAB"
},
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "7b3bc600209875d3c42ae277a0d018d1d21986ec",
"n": "AN2UvG5+hNEMIPIbnpPm+JQi6LFWXBPzg3Ltb3xkVmSTjVaCFWppw/ZYRBgpToGKZP9XJstlOE88SDUFSMZIkIqtLpnUqmZax2Zc2gjEB9PhmHSH3/tTmtZ1U0X6V+crqitZ2uc3NV78vCn9/s+WuPwk/gfKBG8Cirb0fgLmsPd9",
"e": "AQAB"
}
]
}
查看JWT类和方法的源代码,看起来参数可以是一个数组,但是它们希望数组键是和数组值:.它很简单,可以拉出属性并将它们用作数组键,但应该用什么作为数组值?decodeverify$keyskid@param string|resource $key for HS*, a string key works. for RS*, must be a resource of an openssl public keykid
从谷歌的JWKs文档来看,它看起来像我们正在使用RS*,但我不知道关键对象的哪一部分resource of an openssl public …
我正在尝试将以下php功能移植到perl:
public function loadKey($mod, $exp, $type = 'public')
{
$rsa = new Crypt_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256);
// snip...
}
我需要转换表单中的字符串("RSA.$ mod.$ exp.$ private_exp"):
RSA.mVgY8RN6URBTstndvmUUPb4UZTdwvwmddSKE5z_jvKUEK6yk1u3rrC9yN8k6FilGj9K0eeUPe2hf4Pj-5CmHww==.AQAB.Lgy_yL3hsLBngkFdDw1Jy9TmSRMiH6yihYetQ8jy-jZXdsZXd8V5ub3kuBHHk4M39i3TduIkcrjcsiWQb77D8Q==
...到Crypt :: RSA对象.我已经拆分了组件,所以我有$ mod,$ exp和$ private_exp,但perl Crypt :: RSA API似乎没有办法明确设置.