我正在尝试为此处描述的服务帐户实施Google oAuth 2:在UnityScript上使用https://developers.google.com/accounts/docs/OAuth2ServiceAccount(或C# - 这无关紧要,因为它们都使用相同的Mono .NET类).
我在这里找到了类似的主题:C#中是否有JSON Web Token(JWT)示例? web-token-jwt-example-in-c但我仍然没有成功.
首先,我已生成标题和声明集(就像在谷歌文档中一样)
var header: String = GetJWTHeader();
var claimset: String = GetJWTClaimSet();
结果是(为清楚起见,用新行分隔):
{ "ALG": "RS256", "典型": "智威汤逊"}
{ "ISS": "425466719070-1dg2rebp0a8fn9l02k9ntr6u5o4a8lp2.apps.googleusercontent.com"
"范围":" https://www.googleapis.com/auth/prediction ",
"aud":" https://accounts.google.com/o/oauth2/token ",
"EXP":1340222315,
"IAT":1340218715}
Base-64编码方法:
public static function Base64Encode(b: byte[]): String {
var s: String = Convert.ToBase64String(b);
s = s.Replace("+", "-");
s = s.Replace("/", "_");
s = s.Split("="[0])[0]; // Remove any trailing '='s
return s;
}
public static function Base64Encode(s: String): String { …我有一个令牌,一个包含公钥的文件,我想验证签名.我试图基于此验证签名.
但是,decodingCrypto和decodingSignature不匹配.
这是我的代码:
public static string Decode(string token, string key, bool verify)
{
var parts = token.Split('.');
var header = parts[0];
var payload = parts[1];
byte[] crypto = Base64UrlDecode(parts[2]);
var headerJson = Encoding.UTF8.GetString(Base64UrlDecode(header));
var headerData = JObject.Parse(headerJson);
var payloadJson = Encoding.UTF8.GetString(Base64UrlDecode(payload));
var payloadData = JObject.Parse(payloadJson);
if (verify)
{
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(header, ".", payload));
var keyBytes = Encoding.UTF8.GetBytes(key);
var algorithm = (string)headerData["alg"];
var signature = HashAlgorithms[GetHashAlgorithm(algorithm)](keyBytes, bytesToSign);
var decodedCrypto = Convert.ToBase64String(crypto);
var decodedSignature = Convert.ToBase64String(signature);
if (decodedCrypto != …我正在尝试升级我的MVC网站以使用新的OpenID Connect标准.OWIN中间件看起来非常强大,但不幸的是只支持"form_post"响应类型.这意味着Google不兼容,因为它会在"#"后面的URL中返回所有令牌,因此它们永远不会到达服务器并且永远不会触发中间件.
我试图在中间件中自己触发响应处理程序,但这似乎根本不起作用,所以我有一个简单的javascript文件解析返回的声明并将它们发送到控制器动作进行处理.
问题是,即使我在服务器端获取它们,我也无法正确解析它们.我得到的错误看起来像这样:
IDX10500: Signature validation failed. Unable to resolve
SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
),
token: '{
"alg":"RS256",
"kid":"073a3204ec09d050f5fd26460d7ddaf4b4ec7561"
}.
{
"iss":"accounts.google.com",
"sub":"100330116539301590598",
"azp":"1061880999501-b47blhmmeprkvhcsnqmhfc7t20gvlgfl.apps.googleusercontent.com",
"nonce":"7c8c3656118e4273a397c7d58e108eb1",
"email_verified":true,
"aud":"1061880999501-b47blhmmeprkvhcsnqmhfc7t20gvlgfl.apps.googleusercontent.com",
"iat":1429556543,"exp\":1429560143
}'."
}
我的令牌验证码遵循开发IdentityServer的优秀人员概述的示例
private async Task<IEnumerable<Claim>> ValidateIdentityTokenAsync(string idToken, string state)
{
// New Stuff
var token = new JwtSecurityToken(idToken);
var jwtHandler = new JwtSecurityTokenHandler();
byte[][] certBytes = getGoogleCertBytes();
for (int i = 0; i < certBytes.Length; i++)
{
var certificate = new X509Certificate2(certBytes[i]); …