如何在Deno中创建和验证JSON Web令牌?
我不是Deno运行时的新手,因此在Deno中使用JWT入门示例会很有帮助。
答案 0 :(得分:7)
这是一个简短的演示,展示了如何创建带有HS256
签名的JWT以及如何验证它并提取有效载荷。
jwtdemo.ts (基于Version 1.9 of djwt):
import { verify, create, Header, Payload, getNumericDate } from "https://deno.land/x/djwt@v1.9/mod.ts"
var key = "secret-key";
const algorithm = "HS256"
const header: Header = {
alg: algorithm,
typ: "JWT",
"custom-key":"custom-value"
};
const payload: Payload = {
iss: "deno-demo",
exp: getNumericDate(300) // 300 seconds = 5 minutes from now on
//exp: getNumericDate(new Date("2020-11-02T19:00:00.000Z")) // or set a certain date and time
};
const jwt = await create(header, payload, key)
console.log(jwt);
//key = "wrong-key" // this will let the verification fail
try {
const payload = await verify(jwt, key, algorithm)
console.log(payload)
}
catch(ex) {
console.log(ex.message)
}
辅助方法getNumericDate(exp)
自动设置正确的Unix时间戳,并将作为参数给出的秒数添加到当前时间或直接使用给定的date参数。
您可以直接运行上面的演示,所有导入的模块将自动下载:
deno run jwtdemo.ts
结果是:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN1c3RvbS1rZXkiOiJjdXN0b20tdmFsdWUifQ.eyJpc3MiOiJkZW5vLWRlbW8iLCJleHAiOjE2MDQzNDI2NDR9.6dbloI7z6M40JSw5JPE_F19SWYaY4sALQ48mxUir8DM
{ iss: "deno-demo", exp: 1604342644 }
或者,如果签名错误:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN1c3RvbS1rZXkiOiJjdXN0b20tdmFsdWUifQ.eyJpc3MiOiJkZW5vLWRlbW8iLCJleHAiOjE2MDQzNDI2MzN9.XUUSZRsZp0sFdu8RBmzFcOZMXc9ZguA8tPy8n0hI7l4
The jwt's signature does not match the verification signature.
与在node.js中创建JWT的显着区别是,我们在此处具有预定义的接口Header
和Payload
而不是简单的JSON并检查值。
当我设置
const algorithm = "XS256" // instead of "HS256"
算法检查失败,程序无法启动:
Check file:///C:/Users/jps/source/deno/jwtdemoV19.ts
error: TS2322 [ERROR]: Type '"XS256"' is not assignable to type 'Algorithm'.
alg: algorithm,
~~~
at file:///C:/Users/jps/source/deno/jwtdemoV19.ts:8:3
The expected type comes from property 'alg' which is declared here on type 'Header'
alg: Algorithm;
~~~
at https://deno.land/x/djwt@v1.9/mod.ts:36:3
TS2345 [ERROR]: Argument of type '"XS256"' is not assignable to parameter of type 'AlgorithmInput'.
const payload = await verify(jwt, key, algorithm)
~~~~~~~~~
at file:///C:/Users/jps/source/deno/jwtdemoV19.ts:26:42
Found 2 errors.
该示例代码使用djwt版本1.9,该版本当前支持HS256
,HS512
和RS256
签名算法。未来将根据deno加密模块支持的可用性来添加更多算法。
阅读this answer,了解如何验证RS256签名令牌。
注意:该答案已被重写,以涵盖1.9版中djwt api的重大更改。 old version of this post基于djwt v1.7