I am trying to modify a JWT in Java, and I used code similar to this: Java - Auth0 JWT Verification - Is this correct?
    public void parseJWTKey(HttpHeaders header)
    {
        try
        {
            Jwk jwk = getPublicKey(); //method to retrieve public key from auth server (identity server)
            RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();
            Algorithm alg = Algorithm.RSA256(publicKey, null);
            JWTVerifier verifier = JWT.require(alg)
                .withIssuer("auth0")
                .build();
            String headerString = header.toString();
            String parsedHeader = headerString.substring(headerString.indexOf(" "), headerString.lastIndexOf("\""));
            DecodedJWT dJwt = verifier.verify(parsedHeader);
        }
        catch(JWTVerificationException | JwkException | NullPointerException a)
        {
            a.printStackTrace();//TODO: Logging
        }
    }
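But I get the error message: com.auth0.jwt.exceptions.SignatureVerificationException: The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA

I have also seen this post: com.auth0.jwt.exceptions.SignatureVerificationException: The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA, but I am not using HMAC256.

Although I can get the jwt: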
eyJhbGciOiJSUzI1NiIsImtpZCI6IjdjNDM5MmMxMDA1MGJiN2E2MDYwMTVlMTk0MTNkOWMxIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NzE2NTU3NzEsImV4cCI6MTU3MTY4NDU3MSwiaXNzIjoiaHR0cDovLzE5Mi4xNjguMTAwLjEwMTo1MDU1IiwiYXVkIjpbImh0dHA6Ly8xOTIuMTY4LjEwMC4xMDE6NTA1NS9yZXNvdXJjZXMiLCJjbGFpbXNhcGkiXSwiY2xpZW50X2lkIjoicm8udGVzdGNsaWVudCIsInN1YiI6IjEiLCJhdXRoX3RpbWUiOjE1NzE2NTU3NzEsImlkcCI6ImxvY2FsIiwic2NvcGUiOlsib2ZmaWNlIiwib3BlbmlkIiwicHJvZmlsZSIsImNsYWltc2FwaSJdLCJhbXIiOlsicHdkIl19.oK4Cg2laKUgdAHpyZ3yB7bVlgdHevhkzQMn47wnQPbvc04GME90wXScHxTSNkgtTPnuXK_t-ddyPYrxOZFnHPfDr9PLTjDXilLF90Ga91a4khFvRqvTqRwXAnpsamAsBdXZoybkbQ8c_x7kPua5NwN13AJU_cL37tSuor4ujYIJ9McLdQDLIBhD7b76QAMF2UkstFG_oPUSwycot-18zuaB97K4b5X-RO-j2DfEy15caRmMGxX-1c4EMw4T4pxHkQc4WVumA0C2nsCufJ1ZyZ74bcebRTTbb9y__QDvekGa1vfUYG6Pon7q83gQVWiH580vwiH60rrICjl9fNK4hmQ
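I don't have access to the private key to check the signature on jwt.io, because it sits on an identity server instance that is outside my control, but with my limited knowledge of OAuth I believe that is not a problem.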
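
For reference, an added example that is not part of the original post and does not use the Auth0 library: it shows with JDK classes only what an RS256 check computes, that only the public key selected by the token's `kid` is needed, and that the verifier must receive the bare compact token. The class name `Rs256Check`, the key ids `k1`/`k2`, the issuer URL and the locally generated key pairs are all constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

public class Rs256Check {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Strip the "Bearer " scheme so only the compact JWT reaches the verifier.
    static String bearerToken(String authorization) {
        if (authorization == null || !authorization.startsWith("Bearer "))
            throw new IllegalArgumentException("not a Bearer credential");
        return authorization.substring(7).trim();
    }

    // RS256: RSASSA-PKCS1-v1_5 with SHA-256 over the ASCII bytes of "header.payload".
    static boolean verify(String jwt, Map<String, RSAPublicKey> keysByKid) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Simplified string matching; a real verifier parses the header JSON.
        if (!header.contains("\"alg\":\"RS256\"")) return false;
        RSAPublicKey key = keysByKid.get(header.replaceAll(".*\"kid\":\"([^\"]*)\".*", "$1"));
        if (key == null) return false; // no published key for this kid
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(DEC.decode(p[2]));
    }

    static String b64(String json) { return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8)); }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair(), other = gen.generateKeyPair();
        // Constructed token: the private key is used here only to stand in for the identity server.
        String signed = b64("{\"alg\":\"RS256\",\"kid\":\"k1\",\"typ\":\"JWT\"}") + "." + b64("{\"iss\":\"http://issuer.example\",\"sub\":\"1\"}");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(issuer.getPrivate());
        s.update(signed.getBytes(StandardCharsets.US_ASCII));
        String token = bearerToken("Bearer " + signed + "." + ENC.encodeToString(s.sign()));
        System.out.println("issuer key:  " + verify(token, Map.of("k1", (RSAPublicKey) issuer.getPublic())));
        System.out.println("other key:   " + verify(token, Map.of("k1", (RSAPublicKey) other.getPublic())));
        System.out.println("unknown kid: " + verify(token, Map.of("k2", (RSAPublicKey) issuer.getPublic())));
    }
}
```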