我在auth模块中使用(google)firebase admin-sdk时遇到了verify_id_token()错误。
当我通过前端js发布的用户的令牌验证用户时,出现了auth.verify_id_token(令牌)方法" binascii.Error:填充错误"错误。
此错误的回溯如下。
Traceback (most recent call last):
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1997, in __call__
return self.wsgi_app(environ, start_response)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1985, in wsgi_app
response = self.handle_exception(e)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1540, in handle_exception
reraise(exc_type, exc_value, tb)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/home/ubuntu/workdir/server/firebase.py", line 185, in postme
decoded_token = auth.verify_id_token(posted)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/firebase_admin/auth.py", line 98, in verify_id_token
return token_generator.verify_id_token(id_token)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/firebase_admin/auth.py", line 592, in verify_id_token
header = jwt.decode_header(id_token)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/google/auth/jwt.py", line 151, in decode_header
header, _, _, _ = _unverified_decode(token)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/google/auth/jwt.py", line 129, in _unverified_decode
signature = _helpers.padded_urlsafe_b64decode(signature)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/site-packages/google/auth/_helpers.py", line 217, in padded_urlsafe_b64decode
return base64.urlsafe_b64decode(padded)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/base64.py", line 133, in urlsafe_b64decode
return b64decode(s)
File "/home/ubuntu/.pyenv/versions/3.6.2/lib/python3.6/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
我通过javascript从客户端发布了客户端令牌,如下所示。
var token = user.getIdToken()
var bapi = axios.create({
baseURL: 'http://mypage.com',
timeout: 10000,
headers: {
'X-Requested-With': 'XMLHttpRequest'
}
})
bapi.post('/postme', token)
.then(response => {
console.log(response)
}).catch(err => {
console.log(err)
})
在请求的服务器上用python(flask)解码它
@app.route('/postme',methods=['POST'])
def postme():
posted = request.data
decoded_token = auth.verify_id_token(posted) # error!!
# uid = decoded_token['uid']
return uid
有谁知道该怎么办?
答案 0 :(得分:1)
在JavaScript SDK中,user.getIdToken()是作为异步函数(documentation)实现的,但是您的代码假定它直接返回一个String。
因此,您的后端正在接收垃圾 - 如果您打印了posted变量的内容,您可能已经注意到了。
重新组织这样的JS函数以实际使用ID令牌:
user.getIdToken()
.then(token => {
var bapi = axios.create({
baseURL: 'http://mypage.com',
timeout: 10000,
headers: {'X-Requested-With': 'XMLHttpRequest'}
});
return bapi.post('/postme', token);
})
.then(response => {
console.log(response)
}).catch(err => {
console.log(err)
})
答案 1 :(得分:0)
最后,感谢@vzsg解决了这个问题(非常感谢你)。
总之,
user.getIdToken()返回promise auth.verify_id_token(token) admin-sdk(python)只需要编码的字符串。