我不知道如何解码 keycloak 公钥和证书的结果。我应该使用哪一个来解码?我只有access_token。并尝试过使用 cert 和 public_key
结果来自:https://keycloak.some.domain/auth/realms/name-realm/
{
"realm": "name-realm",
"public_key": "some-secert-stringMIIBIsome-secert-stringknhFmdCmX9lu1EJNEsome-secert-string",
"token-service": "https://keycloak.some.domain/auth/realms/name-realm/protocol/openid-connect",
"account-service": "https://keycloak.some.domain/auth/realms/name-realm/account",
"tokens-not-before": 0
}
结果来自:https://keycloak.some.domain/auth/realms/epf-uat/protocol/openid-connect/certs
{
"keys": [
{
"kid": "WtJZKhwIsome-secert-stringA",
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"n": "xtG3QzVml8lxYQz1FaesgZ2-TPR2h_NqGHwRsome-secert-stringH2Bd5Dncsome-secert-stringEHVBAd75gzIPh_wTsome-secert-stringiAw",
"e": "AQAB",
"x5c": [
"some-secert-string"
],
"x5t": "y-Ksome-secert-stringMViQ",
"x5t#S256": "vvsome-secert-stringbosome-secert-stringtE8QW2vnmw60NJfaDJlVE"
}
]
}
我尝试使用https://github.com/mpdavis/python-jose来解码 jwt。这里是样本:
环境:
keycloak_algorithm = ["RS256"]
keycloak_domain = "https://keycloak.some.domain/auth/realms/some-realm/"
keycloak_audience = "https://login.some-domain.com"
验证码
token = CLEANED_BEARER_TOKEN_FROM_CLIENT
jsonurl = urlopen(setting.keycloak_domain)
algorithms = setting.keycloak_algorithm
audience = setting.keycloak_audience
issuer = …当有人通过 Auth0 登录我的网站时,我会从 Auth0 获取 JWT 令牌。该令牌告诉我此人的 UID,并允许我从前端向后端进行 API 调用,在后端我可以验证 JWT 令牌以确保请求来自已登录的用户。
在https://jwt.io上,您可以粘贴任何 JWT 令牌,它会解析它并验证签名。
有谁知道我如何在 python 中做到这一点?
Auth0 没有给我 JWT 令牌的私钥,所以我无法使用jwt.decode().
相反,我需要以某种方式用它的公钥解析 JWT 令牌,但我不确定如何在 python 中检索它。
这是 JWT 令牌:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZneF9xWEJVNWt0ZzZXSlNLdTJIdiJ9.eyJuaWNrbmFtZSI6ImpvaG5fbWFyayIsIm5hbWUiOiJqb2huX21hcmtAb3V0bG9vay5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9zLmdyYXZhdGFyLmNvbS9hdmF0YXIvNTMxZmJlZjcxN2I1NzVmYjU3MGJlYzcxNTBlOWQ4MTA_cz00ODAmcj1wZyZkPWh0dHBzJTNBJTJGJTJGY2RuLmF1dGgwLmNvbSUyRmF2YXRhcnMlMkZqby5wbmciLCJ1cGRhdGVkX2F0IjoiMjAyMi0wNC0wNVQxNDoyMzozNy42NTFaIiwiZW1haWwiOiJqb2huX21hcmtAb3V0bG9vay5jb20iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImlzcyI6Imh0dHBzOi8vZGV2LW44Z2h5a3lvLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw2MTdiZTllMzJhMmYyNjAwNmEzZDlhM2EiLCJhdWQiOiIwUGwwR1F5cFhjNkZEakxhb0JuSjhzOEtNZjVKZ3J4bSIsImlhdCI6MTY0OTE2ODYyMiwiZXhwIjoxNjQ5MjA0NjIyLCJub25jZSI6IlJuTjBmbFoyU0Vkck4wSkhRV1EyY21FMk1rNUpXVlUzTW1jM2RtaHlXVkJWYm5oalowMUNUR1paU3c9PSJ9.NQBQPoEj6wzYzclrQzXAWh124gyg_Nf1UYZR4lAuqHZ-fdFycrBMA0Y0dBSvQ-WI7YZOMAPjCRK0nuxKzj9kMQ0c-3finCgsl411tX5tvaX_Khe116le_eyBV28aQQLjqT0zvLaSgIYaJqcgshQ1bYvJp8UXPf8GkMWCD89pnqYPwexx9nsWjrnikInLY9oSbWYN1zA7DxwhygI_JeQc6Cvu6pl1xq8m_WZaCMSOJS2umyl_7vfA84cDX1Zz8aVWEOMinnbmR48sY79cEiIMplcYJA3QH4yFEawSWbzWnVUcv9VCgCJ7fCbqikF86fz2TrWYrI6eATJoVHOXDNDKwA