Node.js validation of a JWT token from .NET fails

I create the token in .NET with this C# code (using System.IdentityModel.Tokens.Jwt):

    var keybytes = Convert.FromBase64String("MYCUSTOMCODELONGMOD4NEEDBEZE");
    var signingCredentials = new SigningCredentials(
        new InMemorySymmetricSecurityKey(keybytes),
        SecurityAlgorithms.HmacSha256Signature,
        SecurityAlgorithms.Sha256Digest);

    var nbf = DateTime.UtcNow.AddDays(-100);
    var exp = DateTime.UtcNow.AddDays(100);
    var payload = new JwtPayload(null, "", new List<Claim>(), nbf, exp);

    var user = new Dictionary<string, object>();
    user.Add("userId", "1");
    payload.Add("user", user);
    payload.Add("success", true);

    var jwtToken = new JwtSecurityToken(new JwtHeader(signingCredentials), payload);
    var jwtTokenHandler = new JwtSecurityTokenHandler();
    var resultToken = jwtTokenHandler.WriteToken(jwtToken);

I send resultToken to Node.js and validate it with the code below (using the jsonwebtoken library):

    var jwt = require('jsonwebtoken');

    var result = jwt.verify(
      resultToken,
      new Buffer('MYCUSTOMCODELONGMOD4NEEDBEZE').toString('base64'),
      { algorithms: ['HS256'] },
      function(err, decoded) {
        if (err) {
          console.log('decode token failed with error: ' + JSON.stringify(err));
        }
      }
    );

I get the error: invalid signature. The content of resultToken:

    eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0OTQ4MTMxMTUsIm5iZiI6MTQ3NzUzMzExNSwidXNlciI6eyJ1c2VySWQiOiIxIn0sInN1Y2Nlc3MiOnRydWV9.4bjYyIUFMouz-ctFyxXkJ_QcJJQofCEFffUuazWFjGw

I debugged it on jwt.io with the signature above (MYCUSTOMCODELONGMOD4NEEDBEZE) and with "secret base64 encoded" checked, and it is fine.

I have also tried building keybytes in the C# code from the signature without base64:

    var keybytes = Encoding.UTF8.GetBytes("MYCUSTOMCODELONGMOD4NEEDBEZE");

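And that validates successfully in Node.js. So I think the problem comes from my Node.js code when validating with a base64-encoded signature. Am I missing some option when validating the token, or something else?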

I don't know what you did, but this snippet works for me with the token you provided above.

    var jwt = require('jwt-simple')
    var secret = new Buffer('MYCUSTOMCODELONGMOD4NEEDBEZE').toString('base64')
    var token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0OTQ4MTMxMTUsIm5iZiI6MTQ3NzUzMzExNSwidXNlciI6eyJ1c2VySWQiOiIxIn0sInN1Y2Nlc3MiOnRydWV9.4bjYyIUFMouz-ctFyxXkJ_QcJJQofCEFffUuazWFjGw'
    var decoded = jwt.decode(token, secret)
    console.log(decoded)

Output:

    ❯ node jwt.js
    { exp: 1494813115, nbf: 1477533115, user: { userId: '1' }, success: true }

Using the jsonwebtoken library:

    // var jwt = require('jwt-simple')
    var jwt = require('jsonwebtoken');
    var secret = Buffer.from('MYCUSTOMCODELONGMOD4NEEDBEZE', 'base64')
    var token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0OTQ4MTMxMTUsIm5iZiI6MTQ3NzUzMzExNSwidXNlciI6eyJ1c2VySWQiOiIxIn0sInN1Y2Nlc3MiOnRydWV9.4bjYyIUFMouz-ctFyxXkJ_QcJJQofCEFffUuazWFjGw'

    jwt.verify(token, secret, { algorithms: ['HS256'] }, function(err, decoded) {
      if (err) {
        console.log(err)
      } else {
        console.log(decoded)
      }
    })

Again, it still works fine.

The only difference I can see is the secret.
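
The difference in the secret discussed in this thread, as an added example that is not part of the original posts: it signs a constructed HS256 token with the base64-decoded key bytes (what `Convert.FromBase64String` yields) and verifies it under three readings of the same secret string, using only Node's built-in `crypto`. The names `signHS256`, `verifyHS256`, `KEYS` and `demo`, and the sample payload, are assumptions made for illustration.

```javascript
// Added example: HS256 sign/verify with Node's built-in crypto only.
const crypto = require('crypto');

const SECRET_TEXT = 'MYCUSTOMCODELONGMOD4NEEDBEZE'; // secret string from the page

const b64url = (data) => Buffer.from(data).toString('base64url');

// HS256 = HMAC-SHA256 over "<header>.<payload>", base64url-encoded.
function signHS256(payload, keyBytes) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  const mac = crypto.createHmac('sha256', keyBytes).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Recompute the MAC and compare in constant time; the algorithm is pinned to HS256.
function verifyHS256(token, keyBytes) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  let header;
  try { header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')); }
  catch { return false; }
  if (header.alg !== 'HS256') return false;
  const expected = crypto.createHmac('sha256', keyBytes)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Three readings of the same secret string; each yields different key bytes.
const KEYS = {
  // Base64-DECODED: same bytes as Convert.FromBase64String(...) in C#.
  decoded: Buffer.from(SECRET_TEXT, 'base64'),
  // Raw text bytes: same bytes as Encoding.UTF8.GetBytes(...) in C#.
  utf8: Buffer.from(SECRET_TEXT, 'utf8'),
  // Base64-ENCODED text used as the key string (a string key is hashed as its UTF-8 bytes).
  encoded: Buffer.from(Buffer.from(SECRET_TEXT).toString('base64'), 'utf8'),
};

// Constructed token standing in for an issuer that signs with the decoded bytes.
function demo() {
  const token = signHS256({ user: { userId: '1' }, success: true }, KEYS.decoded);
  const results = {};
  for (const [name, key] of Object.entries(KEYS)) results[name] = verifyHS256(token, key);
  return results;
}

console.log(demo());
```

Only the key that reproduces the issuer's exact bytes verifies; the two other readings produce a different HMAC and are rejected as an invalid signature.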