问题描述
请帮我解码这个 jwt 使用 python jose 模块。
我不知道我应该使用什么 key。因为任何在线jwt解码器都可以在没有任何密钥的情况下对其进行解码。
token = eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlYTFiMWY0MjgwN2E4Y2MxMzZhMDNhM2MxNmQyOWRiODI5NmRhZjAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDEyODA4NDEwNzU2MjUwMzQwMjAiLCJlbWFpbCI6ImRzYjMyMW1wQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWmpVY1Eyd3JkLUdzY3F2Y2dqci1BQSIsIm5vbmNlIjoiUFp2SGhsX2tUTGR1Sktmem80LW9qdyIsImlhdCI6MTYxMTY5MjA2NywiZXhwIjoxNjExNjk1NjY3fQ.kNFbqjtJO2HKsSX-jt967MLi2xjeRH4W9JsA4yPQDQEgrHqa3BX6PVFJCBjq-Fn7vmlTT1lUcElVPwtvcBUV8Z4I7dCuWKcTxTt6R8501f1I2X0tQeEu_zfg-ianzOlQkg3KvLT_D-oaifNkoU7jAt4Mywe6xHiDKszlA6KE8T6PLV_VeiCJGvciLbPW7DhKiuL-kfTjhHoZ6_XHeruR6rb_psZNvH5t-D3Yjc27EwH0_Wumcl1GjN20eF2xO-UDhO4BMRHGIM5876QUYB58dxblLG1flEaeXi9z4R-XnrLPYpAYZDYQDcPMni9fUm9d8pNZDeTGh6WyGkTqkXuHvg
我尝试过:
jwt.decode(token=token,key=???,algorithms='RS256')
解决方法
使用 PyJWT:
import jwt
from jwt import PyJWKClient
token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlYTFiMWY0MjgwN2E4Y2MxMzZhMDNhM2MxNmQyOWRiODI5NmRhZjAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxNjcwMzExMDQ1NjYtYmZpMmgyODdzMWYxdTFzaWFicGI1ZWo4OHExa25nMnMuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDEyODA4NDEwNzU2MjUwMzQwMjAiLCJlbWFpbCI6ImRzYjMyMW1wQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWmpVY1Eyd3JkLUdzY3F2Y2dqci1BQSIsIm5vbmNlIjoiUFp2SGhsX2tUTGR1Sktmem80LW9qdyIsImlhdCI6MTYxMTY5MjA2NywiZXhwIjoxNjExNjk1NjY3fQ.kNFbqjtJO2HKsSX-jt967MLi2xjeRH4W9JsA4yPQDQEgrHqa3BX6PVFJCBjq-Fn7vmlTT1lUcElVPwtvcBUV8Z4I7dCuWKcTxTt6R8501f1I2X0tQeEu_zfg-ianzOlQkg3KvLT_D-oaIfNkoU7jAt4Mywe6xHiDKszlA6KE8T6PLV_VeiCJGvciLbPW7DhKiuL-kfTjhHoZ6_XHeruR6rb_psZNvH5t-D3Yjc27EwH0_Wumcl1GjN20eF2xO-UDhO4BMRHGIM5876QUYB58dxblLG1flEaeXi9z4R-XnrLPYpAYZDYQDcPMni9fUm9d8pNZDeTGh6WyGkTqkXuHvg"
# Insecure - doesn't validate the token.
decoded = jwt.decode(token,options={"verify_signature": False})
# Optional,not sure if if this increases security
url = "https://www.googleapis.com/oauth2/v3/certs"
client = PyJWKClient(url)
pub_key = client.get_signing_key_from_jwt(token).key
aud = jwt.decode(token,options={"verify_signature": False})["aud"]
decoded = jwt.decode(token,pub_key,algorithms=["RS256"],audience=aud,options={"verify_exp": False})