如果我更改1个字符,NodeJS上的AWS Cognito令牌验证是否有效?

时间:2018-05-31 10:29:19

标签: node.js jwt amazon-cognito

我尝试验证我的Cognito代币

const jose = require('node-jose')
const jwks = {
    "keys": [
        {
            "alg": "RS256",
            "e": "AQAB",
            "kid": "GswyT6a+OAuL5kCrRCmT5xmfCL6uFuo1MWaD+otmfd4=",
            "kty": "RSA",
            "n": "hrYesjnwXvwfh8Pr87Jun5uAb3YKF9XNYFbxjQwlvd__8JQw3l0iGJVLjmHKoOHQztVUdeWe9jfkShEA2FjFukb21mPH1UCOYGWg7HR_lJz1IAaYf0ysQXmG1fWkhYDisHGrdEFURbWNhmSzJcqCM9Faa6LBGzUMMJzwDMyrxjOP8nZYbVhjorpFnHOfxUYPJ_RhZfUEXY1F6RbmHdtZ7rpFeaOzptKFfEqOcCU0avkPrpPcrKNaZ4kMN3YOHl-gPzoy-HgjAYYOGE1XMW316t1keEoYJhk8MY9NjriPx7RNcsbPpeRpb7bS2Vki1p8NYhBqywoGv0QYZK_b1JLlAw",
            "use": "sig"
        },
        {
            "alg": "RS256",
            "e": "AQAB",
            "kid": "IQCV14AYWuTjxjwqbtxW9uh2psd2iyjHox6TQZihdwo=",
            "kty": "RSA",
            "n": "ojo3CemQghYpj_Vic-a28BNj69cce76DmVKBr0U7Uj2q0rgfrE0aamUdya21-NJAOq2D5PwqZyxQJOXPhngpOKS9bTaBfeqdTzKrz2b98Q0Q-ADEYNoWRtVMYFDnpeq1Xkjl3X-Y1nB76SD5Xjtv-g3z7VHWD-p91hGZTWotaid1yvGWcjL5VHAFI6Qko0s_-RPlj93BUnIVboWfWjmsC6qcC9lIa4V_562xS7bOMNJDt6UGum0bWUhexhytWyplZnTUfO2Pb4ML2e52zhe3f87jFny9pra9N_ULQwrU8DpslvK-AdmcLYaHNOt1J8g5gS_Es45HDMkkNjwinikiMQ",
            "use": "sig"
        }
    ]
}

const jwt = 'eyJraWQiOiJJUUNWMTRBWVd1VGp4andxYnR4Vzl1aDJwc2QyaXlqSG94NlRRWmloZHdvPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0MGMwNTc4My1jMWI2LTRiZWQtYWUzZS1hNWQ2ZWE4NzM2MmIiLCJldmVudF9pZCI6ImRiMWEzMzI2LTY0YjctMTFlOC04MmFjLTU3OWMxZTQ2M2U2MiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE1Mjc3NjAxNDUsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMV9jOVZENWdqN3AiLCJleHAiOjE1Mjc3NjM3NDUsImlhdCI6MTUyNzc2MDE0NSwianRpIjoiNGNjZGI4YjAtNjg3MS00NWRiLTkzYjktZmYwODczNTIyMDJhIiwiY2xpZW50X2lkIjoiNm45aDRhdjJibGR2OTM1M21hZWFuaTZuaWoiLCJ1c2VybmFtZSI6ImppZXdtZW5nLmxpbUAyMzU5bWVkaWEuY29tIn0.Kp5ZVTJo-zTb3Tj26UHcjmufVfxtDKKHFgQNnEQOaMUJ8KtPXQPy_gL0ZzUBS4-rn0BsphAD_vT80iLjOxLKa9C-qNm2vq_28zlySnbqh1aN_pOTFC5YkQFrspU6_B_AIC_1GtcFuTlCksBe5AJLaYZhzYaxqy3ubcG2z3Eyzf13OlwHoUqNeJgtKk7Ff48nUF2pAUkCQbkFEhLTcoxh1xjJYcex4yEM2LeW1ZLdlFp2R5YGDB6al-MyMAh03r_SIGAuD-lEnz3rmeR5XUsdIj4Yg5UPAWIGufmb1fPa740iTf-7OF2FF7YLPQW60ng6w_cWGe1e36K3B5RVbduf5A'

jose.JWK.asKeyStore(jwks)
    .then(keystore => {
        return jose.JWS.createVerify(keystore).verify(jwt)
    })
    .then(result => {
        console.log('OK!', result.payload.toString('utf8'))
    })
    .catch(err => console.error(err))

(此标记适用于测试用户...)但奇怪的是,如果我在JWT中更改1个字符,例如从A到B的最后一个字符,它仍然有效吗?我以为这是错的?

0 个答案:

没有答案
相关问题
最新问题