那些遇到过的问题

小编Jac*_*din的帖子

散列格子请求正文 Webhook

我正在尝试验证从 Plaid 的API发送的 webhook 。每个 webhook 请求都带有一个“plaid-verification”标头,它是一个 JSON Web 令牌。

验证所需的步骤是:

  1. 从请求头中提取 JWT

signed_jwt = eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTA4ODcwMDEsInJlcXVlc3RfYm9keV9zaGEyNTYiOiJiNjNhMDdiNTQ3YjAwZjk5MjU0N2Y2YmJjOGQ5YWNjNjFhOGNjZWUxMzhiYzgyZjQ0YTZiYWEwOTY4M2E1ZDBmIn0.OOKvIihgqCj7Qrb2bmz7T3t7uK-0JyjiEqL2s1kWeJBM4MMmjaHKK8GmU_z91QolBWMzvPgs718EElY-rE3cwQ

  1. 在不验证签名的情况下提取 JWT 标头值,如下所示:
    {
      "alg": "ES256",
      "kid": "6c5516e1-92dc-479e-a8ff-5a51992e0001",
      "typ": "JWT"
    }
Run Code Online (Sandbox Code Playgroud)
  1. 提取kid和 POST 到/webhook_verification_key/get
    POST /webhook_verification_key/get
    {
        "client_id": "MY_CLIENT_ID"
        "secret": "MY_SECRET_ID"
        "key_id": "6c5516e1-92dc-479e-a8ff-5a51992e0001"
    }
Run Code Online (Sandbox Code Playgroud)

回应是:

{
  "key": {
    "alg": "ES256",
    "created_at": 1560466143,
    "crv": "P-256",
    "expired_at": null,
    "kid": "6c5516e1-92dc-479e-a8ff-5a51992e0001",
    "kty": "EC",
    "use": "sig",
    "x": "35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k",
    "y": "I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros"
  },
  "request_id": "HvfCtrDLG1ihcp7"
}
Run Code Online (Sandbox Code Playgroud)
  1. 解释key为 JSON Web Key,验证 JSON Web Key …

python hash json jwt plaid

Jac*_*din
lucky-day
3
推荐指数
2
解决办法
624
查看次数

标签 统计

hash ×1

json ×1

jwt ×1

plaid ×1

python ×1