Node.js 如何使用Jsonwebtoken NPM包验证Azure AD发布的JWT令牌?


我正在尝试使用jsonwebtoken NPM包来验证Azure Active Directory发布的JWT令牌。以下是我编写的node.js代码:

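  // Verify an Azure AD token against a single certificate taken from the
  // "x5c" entry of the tenant's JWKS document. The x5c value is base64 DER,
  // so wrapping it in PEM armour gives jsonwebtoken a loadable key.
  const jwt = require('jsonwebtoken');
  const token = '<valid JWT token>';
  const x5cString = '<x5cSTring>';
  const publicKey = `-----BEGIN CERTIFICATE-----\n${x5cString}\n-----END CERTIFICATE-----`;

  // Pin the accepted algorithm so the token's own "alg" header cannot select
  // a different scheme than the one this key is meant for (Azure AD signs
  // with RS256). Without this, verification trusts whatever the token says.
  const verifyOptions = { algorithms: ['RS256'] };

  // Throws (JsonWebTokenError / TokenExpiredError) when the signature or the
  // standard time claims do not check out; only a returned value is trusted.
  // Note: a valid signature proves who issued the token, not that it was
  // issued for this API — add `audience` to verifyOptions for that check.
  const verifiedToken = jwt.verify(token, publicKey, verifyOptions);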
在上面的代码中,jwt.verify会调用getKey,而getKey以header和callback作为参数。我不明白jwt.verify函数是如何将“header”参数传递给getKey的。下面是我检索到的头部(header)。如何将此头部传递给jwt.verify中的getKey?

var decoded = jwt.decode(token, {complete: true});
var header = decoded.header

好的,我找到了解决办法。下面是我的最终代码

var jwksClient = require('jwks-rsa');
var jwt = require('jsonwebtoken');

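    // Token under test; in real code this comes from the request's
    // Authorization header. Declared with const so it is not an implicit global.
    const token = 'valid JWT token';

    // No manual jwt.decode is needed here: jwt.verify decodes the token itself
    // and hands the header (including "kid") to the key callback below.
    const verifyOptions = {
      // Restrict the accepted algorithms so the token's "alg" header cannot
      // steer verification towards a scheme the key was not meant for;
      // Azure AD signs with RS256.
      algorithms: ['RS256'],
      // A valid signature only proves Azure AD issued the token, not that it
      // was issued for this API; pin the audience to this application's id.
      audience: '<your application (client) ID>', // placeholder — replace
      // NOTE(review): `header` is not a jsonwebtoken verify option and was
      // silently ignored, so it has been dropped.
    };

    // Resolves signing keys from the Azure AD discovery endpoint; the "kid"
    // in a token header selects one of them via getSigningKey.
    const client = jwksClient({
      jwksUri: 'https://login.microsoftonline.com/common/discovery/keys'
    });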
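    // Key resolver passed to jwt.verify. jsonwebtoken invokes it with the
    // token's decoded header; the "kid" claim picks the matching JWKS entry.
    // Any error handed to `callback` makes jwt.verify fail the token.
    function getKey(header, callback){
      client.getSigningKey(header.kid, function(err, key) {
        // Surface lookup failures (network error, unknown kid) instead of
        // dereferencing an undefined `key`, which threw a TypeError before.
        if (err) {
          return callback(err);
        }
        const signingKey = key.publicKey || key.rsaPublicKey;
        callback(null, signingKey);
      });
    }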

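    jwt.verify(token, getKey, verifyOptions, function(err, decoded) {
      // err is set for a bad signature, unknown kid, expired token or failed
      // claim checks; `decoded` is undefined in that case, so check err first
      // rather than printing an empty result as if the token were valid.
      if (err) {
        console.error('token rejected:', err.message);
        return;
      }
      // Only reached for a token whose signature and claims verified.
      console.log(decoded);
    });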

如果您同意间接使用jsonwebtoken,那么可以使用

看看如何做到这一点,代码与您自己的答案比较好

还有一些功能非常类似的旧版本库已不再维护,并且存在一些安全漏洞

对于官方建议的库,请尝试此处

var jwksClient = require('jwks-rsa');
var jwt = require('jsonwebtoken');

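    // Token under test; in real code this comes from the request's
    // Authorization header. Declared with const so it is not an implicit global.
    const token = 'valid JWT token';

    // No manual jwt.decode is needed here: jwt.verify decodes the token itself
    // and hands the header (including "kid") to the key callback below.
    const verifyOptions = {
      // Restrict the accepted algorithms so the token's "alg" header cannot
      // steer verification towards a scheme the key was not meant for;
      // Azure AD signs with RS256.
      algorithms: ['RS256'],
      // A valid signature only proves Azure AD issued the token, not that it
      // was issued for this API; pin the audience to this application's id.
      audience: '<your application (client) ID>', // placeholder — replace
      // NOTE(review): `header` is not a jsonwebtoken verify option and was
      // silently ignored, so it has been dropped.
    };

    // Resolves signing keys from the Azure AD discovery endpoint; the "kid"
    // in a token header selects one of them via getSigningKey.
    const client = jwksClient({
      jwksUri: 'https://login.microsoftonline.com/common/discovery/keys'
    });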
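    // Key resolver passed to jwt.verify. jsonwebtoken invokes it with the
    // token's decoded header; the "kid" claim picks the matching JWKS entry.
    // Any error handed to `callback` makes jwt.verify fail the token.
    function getKey(header, callback){
      client.getSigningKey(header.kid, function(err, key) {
        // Surface lookup failures (network error, unknown kid) instead of
        // dereferencing an undefined `key`, which threw a TypeError before.
        if (err) {
          return callback(err);
        }
        const signingKey = key.publicKey || key.rsaPublicKey;
        callback(null, signingKey);
      });
    }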

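    jwt.verify(token, getKey, verifyOptions, function(err, decoded) {
      // err is set for a bad signature, unknown kid, expired token or failed
      // claim checks; `decoded` is undefined in that case, so check err first
      // rather than printing an empty result as if the token were valid.
      if (err) {
        console.error('token rejected:', err.message);
        return;
      }
      // Only reached for a token whose signature and claims verified.
      console.log(decoded);
    });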