我需要解码我的JWT令牌,并检查范围是否为“医生”。
我对GO知之甚少,但我只需要在我的应用程序中编写一个小片段即可扩展现有应用程序,因此需要用GO编写。
这是我尝试解码令牌并检查“ Doctor”是否在解码令牌中的尝试,因为我无法专门访问范围。
for k, v := range props {
token_value := fmt.Sprint(v)
token_key := fmt.Sprint(cfg.AuthKey)
if (k == "custom_token_header") && strings.Contains(token_value, token_key) {
if token, _ := jwt.Parse(token_value, nil); token != nil {
parsed_token := fmt.Sprint(token)
log.Infof("Parsed token: " ,parsed_token)
if strings.Contains(parsed_token, "Doctor") {
log.Infof("user is a Doctor, perform checks...")
loc, _ := time.LoadLocation("GMT")
now := time.Now().In(loc)
hr, _, _ := now.Clock()
if hr >= 9 && hr < 5 {
log.Infof("success, inside of work hours!!")
return &v1beta1.CheckResult{
Status: status.OK,
}, nil
}
log.Infof("failure; outside of work hours!!")
return &v1beta1.CheckResult{
Status: status.WithPermissionDenied("Unauthorized..."),
}, nil
}
}
log.Infof("success, as you're not a doctor!!")
return &v1beta1.CheckResult{
Status: status.OK,
}, nil
}
}
在我的应用程序外部运行正常,但是在我的应用程序内部运行时很奇怪,并且将声明退回<nil> map[] <nil> false,但是在我的应用程序外部运行时却给了我
map[alg:RS256 kid:NUVGODIxQThBQkY2NjExQjgzMEJEMjVBQTc3QThBNTY4QTY3MzhEMA typ:JWT] map[aud:https://rba.com/doctor azp:3XFBbjTL6tsL9wH6iZQtkz3rKgGeiLwh exp:1.55546266e+09 gty:client-credentials iat:1.55537626e+09 iss:https://jor2.eu.auth0.com/ scope:Doctor sub:3XFBbjTL6tsL9wH6iZQtkz3rKgGeiLwh@clients] false
感谢devdotlog,我能够通过此更改来完成此工作:
for k, v := range props {
tokenString := fmt.Sprint(v)
tokenKey := fmt.Sprint(cfg.AuthKey)
if (k == "custom_token_header") && strings.Contains(tokenString, tokenKey) {
tokenString = strings.Replace(tokenString, "Bearer ", "", -1)
token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
if err != nil {
fmt.Println(err)
return nil, nil
}
if claims, ok := token.Claims.(jwt.MapClaims); ok {
tokenScope := fmt.Sprint(claims["scope"])
log.Infof("Scope: ", tokenScope)
if tokenScope == "Doctor" {
log.Infof("user is a Doctor, perform checks...")
loc, _ := time.LoadLocation("GMT")
now := time.Now().In(loc)
hr, _, _ := now.Clock()
if hr >= 9 && hr < 5 {
log.Infof("success, inside of work hours!!")
return &v1beta1.CheckResult{
Status: status.OK,
}, nil
}
log.Infof("failure; outside of work hours!!")
return &v1beta1.CheckResult{
Status: status.WithPermissionDenied("Unauthorized..."),
}, nil
}
fmt.Println(claims["scope"])
} else {
fmt.Println(err)
}
log.Infof("success, as you're not a doctor!!")
return &v1beta1.CheckResult{
Status: status.OK,
}, nil
}
}
答案 0 :(得分:2)
您使用github.com/dgrijalva/jwt-go。是吗?
您使用ParseUnverified(https://godoc.org/github.com/dgrijalva/jwt-go#Parser.ParseUnverified)无需验证。
下面的代码是ParseUnverified()的示例。
package main
import (
"fmt"
"github.com/dgrijalva/jwt-go"
)
func main() {
// This token is expired
var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c"
token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
if err != nil {
fmt.Println(err)
return
}
if claims, ok := token.Claims.(jwt.MapClaims); ok {
fmt.Println(claims["foo"], claims["exp"])
} else {
fmt.Println(err)
}
}
ParseUnverified()仅用于调试。
警告:除非您知道自己在做什么,否则请不要使用此方法
此方法解析令牌,但不验证签名。仅在您知道签名有效(因为以前已在堆栈中对其进行检查)并且想要从中提取值的情况下,它才有用。