我们从客户的服务器中获取JSON网络密钥,这些服务器看起来像这样(关键字段已更改):
[{'e': 'AQAB',
'kid': 'vw_aZOVEkZ8TYfJDEewrwruJ2jrrA0',
'kty': 'RSA',
'n': 'n_3gWURcfv_dKKbomqqyMEufgqj9Un038_xxxxxx_08nIUaMHCJG8Z8gW-Z3rQP0Iv7gcYv1lol_Asz67tcvDvIksNXWWjkheYbfX_fZ82XKrBbRzDFbYIUa1cwXfM7OodHjlYKLk3ljwMgTHutwvz38E-pNNGP7ZTKmbmOPvM0RPeA_mS-LDDhxq0d3pnUCYRuyzJVZ54SPE2sxxxxxxxxVyZzcPYPBibnNs_v_iiBQsLvwEnMoeTzdJS4D3H2sWS3sh4bnDlhR3950WyCAJugpCeqOlQtx_rBY4EIcH7rZVYkskip200UBoP0q2L61U6XaFTWnKNiFQ',
'use': 'sig',
'x5c': ['MIIDYTCCAkmgAwIBAgIQ4SewtoGcTpZGFO4KqNVXBTANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDHiQAUQBTAF8AUwB0AHMAVABvAGsAZQBuAFMAaQBnAG4AaQBuAGcwHhcNMTcwMTA5MjMwMDAwWhcNMTgwNzI5MjMwMDAwWjAvMS0wKwYDVQQDHiQAUQBTAF8AUwB0AHMAVABvAGsAZQBuAFMAaQBnAG4AaQBuAGcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf/eBZRFx+/90opuiaqrIwS5+CqP1SfTfz9hHGg4dCkpm/T/TychRowcIkbxnyBb5netA/Qi/uBxi/WWiX8CzPru1y8O8iSw1dZaOSF5ht9f99nzZcqsFtHMMVtghRrVzBd8zs6h0eOVgouTeWPAyBMe63C/PfwT6k00Y/tlMqZuY4+8zRE94D+ZL4sMOHGrR3emdQJhG7LMlVnnhI8TawT2iJuX1rPhdXJnNw9g8GJuc2z+/+KIFCwu/AScyh5PN0lLgPcfaxZLeyHhucOWFHf3nRbIIAm6CkJ6o6VC3H+sFjgQhwfutlViSySKnbTRQGg/SrYvrVTpdoVNaco2IVAgMBAAGjeTB3MBMGA1UdJQQMMAoGCCsGAQUFBwMDMGAGA1UdAQRZMFeAEFNDsrjGLG6YBHMjas+GOj2hMTAvMS0wKwYDVQQDHiQAUQBTAF8AUwB0AHMAVABvAGsAZQBuAFMAaQBnAG4AaQBuAGeCEOEnsLaBnE6WRhTuCqjVVwUwDQYJKoZIhvcNAQELBQADggEBAEpvqleqHoO5JibA+IrWn1+BS3hNromKy9Crw7nUiJsG87buTg89XNX3aaPRF3l0d5g0NjjBxq/HFWYWwuaGrhNhhjITIOI76+WhCUqdGtMyHifUzfTuXZ8NzVuij1Ur2wBhutXrK7MD+bVd/UsOLE7UANk7Un8BMvsAJIiL4sw1+VB9ZTzpst/Bdp6G5nL3LAMcbKOmJa9GLKfSnLuL8xeUrECh27m4xTXOrsg5dTnTPOLoeQPK4G40BVtBFRpTPKZkgRCwpdvOmW++uvSM+HClor+n2QTa4AnJ26V+0Q8xzIQMv0VdP7vNwfgfy06k8snljELNOgX6+Re3fVG2h1g='],
'x5t': 'vw_aZOVEkZ8TYfJDElQuJ2jrrA0'}]
在我们的Web应用程序中,我们收到一个类似这样的令牌,我们需要根据上面的密钥进行验证。令牌使用相同的JSON Web密钥从某个外部应用程序签名。访问令牌如下所示:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InZ3X2FaT1ZFa1o4VFlmSkRFbFF1SjJqcnJBMCIsImtpZCI6InZ3X2FaT1ZFa1o4VFlmSkRFbFF1SjJqcnJBMCJ9.eyJpc3MiOiJodHRwczovL3N0cy1xcy50dHMtY29tcGFueS5jb20vY29yZSIsImF1ZCI6Imh0dHBzOi8vc3RzLXFzLnR0cy1jb21wYW55LmNvbS9jb3JlL3Jlc291cmNlcyIsImV4cCI6MTUwMDAxOTY3OCwibmJmIjoxNTAwMDE2MDc4LCJjbGllbnRfaWQiOiJjb2EuZ2N4LmRldmVsb3BtZW50LmFub255bW91cyIsInNjb3BlIjoidHRzLmVtYWlsIn0.Q0zzSi7zPfgVQ4E5-eA02eEAFeWZJiREBdeZ6Kep1OSc__P6TEOryJf9MwFU6FWLJeVRjjtsSadEPToh9RAfcBh7SiPCndygYnbQDpvqY3G2V5FjqZdIgEtWMr_RQwE-UKME2bfWZ5blMsRqylBsT0W9UyDOwMdYDFXJ8flTYeFCxb8jBKLc1rxko6uJzf57tN_66IBRpvs10VLGAstRs54Qzn3hYsaZEB3GxENTnQCGGvIyACi0oCaTVatHclH4pr_RDBf5iOOUJkscC4mH4kacWg1_B1q9UrpQ5IOmQtVEk0IIRLDsvHeENaJFHec73j-eeeeeeeeeeee-ytw
我调查了" jose" Python的模块
http://python-jose.readthedocs.io/en/latest/jwk/index.html
然而,示例在Python 3中失败(TypeError:无法将' bytes' object对象隐式地转换为str) - >错误报告已提交。
是否有任何其他选项或模块可以使用RSA针对JSON Web密钥验证此令牌?