
Security: Is the Alexa accessToken JWT encoded?


After configuring OAuth 2.0 in an Alexa skill, I see the accessCode value in the Alexa request:

{
"version": "1.0",
"session": {
    "new": true,
    "sessionId": "amzn1.echo-api.session.ee83f187-e2ac-4c4b-8aed-8ba4318f3f2f",
    "application": {
        "applicationId": "amzn1.ask.skill.db1bac88-183d-409c-9d3e-0e69fa0f5fe2"
    },
    "user": {
        "userId": "amzn1.ask.account.AGX2NO3NXXDS6NLEZMDZXMRZZPJ3DLEERYK7J3NUPFUYRADFB2HRILB7BZVTN336OFVSNFFUP3VDVFHERK5PKQE5H32EQ5GGWTT67EMDQKP22Q7NTXXNYDUTYNCYI6EJUEODQ54VHKW4JSWVCS7JINWLYH2LICQVETFGZBY6NBDJVEX66VCGCZMRTFZYAG2E3IXDPMPVF3U4VMY",
        "accessToken": "Atza|IwEBIP0j7B1xImJOKy0dTxYcNFzZq65Yk2WG9HeDvvKQPQALcs77zkf0_PcrifZ36HFYn5eq74aErU5QsPhlqCkMFU2H1EyLAKr3uPXFQxHWpI0p1Y9vJZ5MqPBEj-RxKyFuRc7IeYOA8L8Kz3BRJY7J96obb279WAWQe9HstuEWWeNSh9b9ZHrMKqW3ooPftt_0dTBYUSIE0ukmzwWsYrNa_HaMduby8gyTnV8pxFc6tWnwpMgs03T6rBoTOmTSC_7MzvW-wIRN4b9PjFi_7L_3Sd505MUmB9MhYp3LOhvkP5qj3J3lBFXV6FzGJ0N_v2ohg8pX4XglktyIm1GVOdBIhKjy_3aRzXqzSey7WVSbPeSpUwQoB8TLjDcom-A9_Ax3usqxGdpkHtyc7e67N0wbF6G_DjUth0m-SeOeG7FAr_yVbJo0DJfihriGcVRQ40oKehpHG1pvn2PpT98j3LKSC_Z9xFKgyxbZfM2vXdyTiiMMHIcB_u4mwLuXtrsYY-cQzSFrU_Chj3Tcrhj5Ts87ZecBNvnvdEGIa_FecO7CQUJjwIiKOai-gVwfvm6o4vYzC-0"
    }
},
"context": {
    "System": {
        "application": {
            "applicationId": "amzn1.ask.skill.db1bac88-183d-409c-9d3e-0e69fa0f5fe2"
        },
        "user": {
            "userId": "amzn1.ask.account.AGX2NO3NXXDS6NLEZMDZXMRZZPJ3DLEERYK7J3NUPFUYRADFB2HRILB7BZVTN336OFVSNFFUP3VDVFHERK5PKQE5H32EQ5GGWTT67EMDQKP22Q7NTXXNYDUTYNCYI6EJUEODQ54VHKW4JSWVCS7JINWLYH2LICQVETFGZBY6NBDJVEX66VCGCZMRTFZYAG2E3IXDPMPVF3U4VMY",
            "accessToken": "Atza|IwEBIP0j7B1xImJOKy0dTxYcNFzZq65Yk2WG9HeDvvKQPQALcs77zkf0_PcrifZ36HFYn5eq74aErU5QsPhlqCkMFU2H1EyLAKr3uPXFQxHWpI0p1Y9vJZ5MqPBEj-RxKyFuRc7IeYOA8L8Kz3BRJY7J96obb279WAWQe9HstuEWWeNSh9b9ZHrMKqW3ooPftt_0dTBYUSIE0ukmzwWsYrNa_HaMduby8gyTnV8pxFc6tWnwpMgs03T6rBoTOmTSC_7MzvW-wIRN4b9PjFi_7L_3Sd505MUmB9MhYp3LOhvkP5qj3J3lBFXV6FzGJ0N_v2ohg8pX4XglktyIm1GVOdBIhKjy_3aRzXqzSey7WVSbPeSpUwQoB8TLjDcom-A9_Ax3usqxGdpkHtyc7e67N0wbF6G_DjUth0m-SeOeG7FAr_yVbJo0DJfihriGcVRQ40oKehpHG1pvn2PpT98j3LKSC_Z9xFKgyxbZfM2vXdyTiiMMHIcB_u4mwLuXtrsYY-cQzSFrU_Chj3Tcrhj5Ts87ZecBNvnvdEGIa_FecO7CQUJjwIiKOai-gVwfvm6o4vYzC-0"
        },
        "device": {
            "deviceId": "amzn1.ask.device.AGUTTO7VCXPCUUSXNDCNO6LK7LZHUKPDGZBOXUOBNRNOBGD7FHBJWHOK3LJNQX4U47HTFLUXJ6MHBL6V7UCDNTWOMBJIP5R4R2ZVK3XJX42PEZG6J6TCS3U7NSYZZ3PDCUSH22CY7LYGNIK2MGXCUGR4ITQQ",
            "supportedInterfaces": {}
        },
        "apiEndpoint": "https://api.amazonalexa.com",
        "apiAccessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.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.R4GgGcxPUNtYsjulREFD_a0n2L1RHoI9yC6wS5lHQ7t_ZCcBvL2CrCtjdHpSyL3y7x6QJzQP-iARDmw5T1MKISa3iXuopGj-7MuSfUiyUX3aq2PZR5iuKKL0ZtnmuHSEGB5QcVJ6KaKRj3RmvflhE7x6JGbnFR7L8f2zusQl9s-7H14-FHE9ZPIp52rzhFMgTyrsX39Jt0CQlEX9J1JpAUej9SHmUtCV4PK1_uOOxdToqhQId1L4Vs8h9q5CDF-W4moDV5CQAwbZzU8MuOcdjMD5FtTn1V_eQMSZu4FwyHk3BXexxJxAtP-7jiL0qdCQ9aVT5sLuLr8scfisuujUEA"
    }
},
"request": {
    "type": "LaunchRequest",
    "requestId": "amzn1.echo-api.request.c8780c62-a494-4fbc-b071-4d9e9ead3504",
    "timestamp": "2018-09-12T09:56:17Z",
    "locale": "en-US",
    "shouldLinkResultBeReturned": false
}
}

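However, this code does not appear to be a valid JWT token:

Is that so, or am I doing something wrong (maybe a different algorithm is provided)?

Does Alexa's "accessToken" conform to any token standard?

Thanks in advance.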

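Alexa simply passes along the accessToken it received from the authorization server. Which type of token is issued is entirely up to the authorization server.

The accessToken is a credential that represents the end user (the resource owner) in the other system. The token should identify the user in the other system.

If account linking succeeds, Alexa now stores an access token (provided by the other system) that identifies the user in the other system. This token is now included in all requests to the skill, so the skill can access the user's information in the other system when needed.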

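The apiAccessToken is a JWT, easy to recognize because it starts with ey…. I would not post this here, since it contains your user ID and device ID; not sure whether this can lead to security issues.

Is it possible to somehow get the real user ID that the user provided during account linking (from the token or some other way), rather than Alexa's (amzn1.ask.account.[unique value here])?

As stated in and , this implies that the id differs depending on the execution environment (platform): we do not see this behavior. What might we be missing? The authn/authzn system that performs account linking in prod sits outside our organization's boundary, so we would like to get a real user ID through Alexa's request. Is it possible?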
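
The distinction drawn in the answer and the first comment, an opaque accessToken versus a JWT-structured apiAccessToken, can be checked structurally. The following is an added example, not code from the original thread or from Amazon. The function and constant names are hypothetical, the header segment is the one shown in the request above, and the payload, signature and opaque value are constructed placeholders.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")
OPAQUE = {"format": "opaque", "header": None, "claims": None}


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used by JWS (RFC 7515)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Classify a bearer token by structure only; nothing is verified here."""
    parts = token.split(".")
    # JWS compact form: exactly three non-empty base64url segments.
    if len(parts) != 3 or not all(B64URL.fullmatch(p) for p in parts):
        return dict(OPAQUE)
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return dict(OPAQUE)
    if not isinstance(header, dict) or "alg" not in header:
        return dict(OPAQUE)
    # Claims are UNVERIFIED: check the signature against the issuer's key
    # before using them for any authorization decision.
    return {"format": "jws", "header": header, "claims": claims}


# Header segment copied from the apiAccessToken on this page; the payload and
# signature are constructed placeholders.
PAGE_HEADER = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ"
_payload = base64.urlsafe_b64encode(b'{"iss":"constructed-issuer"}').rstrip(b"=").decode()
SAMPLE_JWT = f"{PAGE_HEADER}.{_payload}.c2lnbmF0dXJl"
# Constructed opaque value with the same "Atza|" prefix as the page's accessToken.
SAMPLE_OPAQUE = "Atza|constructed-opaque-value_0123"

if __name__ == "__main__":
    for name, tok in (("accessToken", SAMPLE_OPAQUE), ("apiAccessToken", SAMPLE_JWT)):
        print(name, inspect_token(tok))
```

The "ey" prefix is simply the base64url encoding of `{"`, the opening bytes of a JSON header. A token classified as opaque can only be interpreted by the authorization server that issued it.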