Firebase PHP JWT“OpenSSL无法验证数据:错误:0906D06C:PEM例程:PEM_read_bio:无启动行”

时间:2016-10-09 14:16:59

标签: php firebase jwt firebase-authentication

我正在通过App Engine使用Google Cloud PHP API。从客户端设备,通过POST使用Firebase身份验证令牌发送请求。根据Firebase PHP JWT的文档,我试图使用以下代码解码令牌:

$decoded = JWT::decode($token, $key, array('RS256'));

$ token是一行(由于安全原因,这是无效的):

eyJhbGciOiJSUzI1asdaNiIsImtpZCI6Ijk2N2Q3NzQ4YmM5NTMTIzNzRhZWQasdasd3MzEyYzcwNjEyZTRlNTM4NmUifQ.tuaAsjdlkjvsdngeoijAnlnbfgLkoosdfKLnm,werkldsfNkndfkdsnfkfnlNKL2i34nkNJioj4Kkoj234j%jij1kjojsdffds98giojerNNjasndasiNjasdnJAjnasdkjnFoFjoFJOIAASD8990adsaaDknnkngs.v_Ko6HZjrahbihLbw2Bm7EuslEC2SSHXNK79rDbD9qIIVYxPjCsubsdfkyAWDIoJHwjkM9TtssYS-1Cjd_xkXghfILuDZpzLsHV6rF20J4n3eUTrsnmLDHK6UB5N3yK2LYoF1UoFrsiyWenfqELfE4Gx5wlfmsylTS1foS2CWRrT1ccqmJBinWiY6JNUS-0gg-2Aecf_VJ63RD9308sBKy1DUsBeje9yG8w2YpYsAqKIlMTC-FqLLpHlKe4LZxcveiqSF4J6PgvcLSPTMmg7-Li_8m41O-wfU1zwSpS1SJ73RJNg-kvRZ1y1ll8ExqXjZkazRDVkYVo6yu5AXi1Onl6FqBLA

通过JWT.io检查令牌会给我一个正确的有效载荷。

现在为$ key部分。我已从Google API控制台下载了默认服务帐户JSON文件。如果我使用看起来像的“private_key”:

-----BEGIN PRIVATE KEY-----\n[VERY_LONG_PRIVATE_KEY]\n-----END PRIVATE KEY-----\n

我收到此错误:

openssl_verify(): supplied key param cannot be coerced into a public key

我在StackOverflow找到了一个答案,这可以用来将私钥转换为公钥:

$private_key = openssl_pkey_get_private($c->serviceAccount->private_key);
$details = openssl_pkey_get_details($private_key);
$public_key = $details['key']

因此,如果我使用$ public_key,我会收到另一个错误,说明以下内容:

Uncaught exception 'DomainException' with message 'OpenSSL unable to verify data: error:0906D06C:PEM routines:PEM_read_bio:no start line

公钥如下:

-----BEGIN PUBLIC KEY-----\n[VERY_LONG_KEY]\n-----END PUBLIC KEY-----\n

所以它似乎应该有效。但事实并非如此。算法RS256也是正确的算法。

任何帮助表示赞赏!

1 个答案:

答案 0 :(得分:1)

我在使用Node.js读取私钥时遇到了同样的错误 Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

事实证明,问题是Google Cloud将\n转换为\\n。当我将其转换回\n时,它有效。

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const bigquery = require('@google-cloud/bigquery');

const config = functions.config();
admin.initializeApp(config.firebase);
const firestore = admin.firestore();

const sanitizePrivateKey = (key) =>
  key.replace(/\\n/g, '\n');

/* firebase converts \n to \\n, we have to convert it back */
if (config.credentials) {
  config.credentials.private_key = sanitizePrivateKey(config.credentials.private_key);
}

const bigqueryClient = bigquery({
  projectId: 'screencastify-staging',
  // eslint-disable-next-line
  credentials: config.credentials,
});
相关问题
最新问题