Node.js 如何使用Jsonwebtoken NPM包验证Azure AD发布的JWT令牌?
我正在尝试使用jsonwebtoken NPM包来验证Azure Active Directory发布的JWT令牌。以下是我编写的node.js代码:Node.js 如何使用Jsonwebtoken NPM包验证Azure AD发布的JWT令牌?,node.js,jwt,Node.js,Jwt,我正在尝试使用jsonwebtoken NPM包来验证Azure Active Directory发布的JWT令牌。以下是我编写的node.js代码: var jwt = require('jsonwebtoken'); var token = '<valid JWT token>'; var x5cString = '<x5cSTring>'; var publicKey = '-----BEGIN CERTIFICATE-----\n' + x5cSt
var jwt = require('jsonwebtoken');
var token = '<valid JWT token>';
var x5cString = '<x5cSTring>';
var publicKey = '-----BEGIN CERTIFICATE-----\n' + x5cString + '\n-----END CERTIFICATE-----';
var verifiedToken = jwt.verify(token, publicKey) //, verifyOptions);
在上面的代码中,jwt.verify调用getKey,该getKey以header和callback作为参数。我不明白jwt.verify函数是如何将“header”参数传递给getKey的。下面是我检索到的标题。如何将此头传递给jwt.verify中的getKey
var decoded = jwt.decode(token, {complete: true});
var header = decoded.header
好的,我找到了解决办法。下面是我的最终代码
var jwksClient = require('jwks-rsa');
var jwt = require('jsonwebtoken');
token = 'valid JWT token';
var decoded = jwt.decode(token, {complete: true});
var header = decoded.header
var verifyOptions = {
algorithms: ['RS256'],
header: decoded.header
};
var client = jwksClient({
jwksUri: 'https://login.microsoftonline.com/common/discovery/keys'
});
function getKey(header, callback){
client.getSigningKey(header.kid, function(err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
jwt.verify(token, getKey, verifyOptions, function(err, decoded) {
//This will display the decoded JWT token.
console.log(decoded)
});
如果您同意间接使用jsonwebtoken,那么可以使用 看看如何做到这一点,代码与您自己的答案比较好 还有一些旧版本没有维护,并且存在一些安全漏洞,这些漏洞的作用非常类似 对于官方建议的库,请尝试此处
var jwksClient = require('jwks-rsa');
var jwt = require('jsonwebtoken');
token = 'valid JWT token';
var decoded = jwt.decode(token, {complete: true});
var header = decoded.header
var verifyOptions = {
algorithms: ['RS256'],
header: decoded.header
};
var client = jwksClient({
jwksUri: 'https://login.microsoftonline.com/common/discovery/keys'
});
function getKey(header, callback){
client.getSigningKey(header.kid, function(err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
jwt.verify(token, getKey, verifyOptions, function(err, decoded) {
//This will display the decoded JWT token.
console.log(decoded)
});