Question

在RSA256算法中对令牌进行编码和解码时似乎总是初始化并使用相同的私钥：

payload = {:data => 'test'}
rsa_private = OpenSSL::PKey::RSA.generate 2048
rsa_public = rsa_private.public_key

token = JWT.encode payload, rsa_private, 'RS256'
# eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0ZXN0IjoiZGF0YSJ9.c2FynXNyi6_PeKxrDGxfS3OLwQ8lTDbWBWdq7oMviCy2ZfFpzvW2E_odCWJrbLof-eplHCsKzW7MGAntHMALXgclm_Cs9i2Exi6BZHzpr9suYkrhIjwqV1tCgMBCQpdeMwIq6SyKVjgH3L51ivIt0-GDDPDH1Rcut3jRQzp3Q35bg3tcI2iVg7t3Msvl9QrxXAdYNFiS5KXH22aJZ8X_O2HgqVYBXfSB1ygTYUmKTIIyLbntPQ7R22rFko1knGWOgQCoYXwbtpuKRZVFrxX958L2gUWgb4jEQNf3fhOtkBm1mJpj-7BGst00o8g_3P2zHy-3aKgpPo1XlKQGjRrrxA
puts token

decoded_token = JWT.decode token, rsa_public, true, { :algorithm => 'RS256' }

# Array
# [
#   {"data"=>"test"}, # payload
#   {"alg"=>"RS256"} # header
# ]
puts decoded_token

但是在Rails 5.1应用程序中，最好的方法是什么？

Answer 1

我想出了如何解决这个问题。所以我有一个类JsonWebToken，有两个类方法：encode和decode定义如下：

class JsonWebToken

  ALGO = 'RS256'

  class << self

    def encode(payload, exp = 2.hours.from_now)
      # set expiry to 2 hours from creation time
      payload[:exp] = exp.to_i
      JWT.encode(payload, private_key, ALGO)
    end

    def decode(token)
      body = JWT.decode(token, private_key.public_key, true, algorithm: ALGO)[0]
      HashWithIndifferentAccess.new body
      # rescue from expiry exception
    rescue JWT::ExpiredSignature, JWT::VerificationError => e
      # raise custom error to be handled by custom handler
      raise ExceptionHandler::ExpiredSignature, e.message
    end  

    private

      def private_key
        @rsa_private ||= OpenSSL::PKey::RSA.generate 2048
      end
  end

end

如果需要，我只使用另一个私有静态方法生成一个rsa私钥。

ruby-jwt编码，用RS256算法解码

1 个答案: