dsafgdafgdf45345 2017-02-07 07:43
浏览 119
已采纳

php中的Firebase令牌验证

I have a backend in php for a client in Android, I'm using the login by email/password provided by Firebase. I want to verify the token in the backend. I'm having some troubles that until now i could not fix. The first is a doubt, acording to Firebase the header will contain a kid that must match with some public key provided by them in this site: https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com well I have done some tests and I figured out that this kid is not always the same, that means that can be any of the public keys that should match with the kid: I've tested this in the jwt.io website and all works fine but then in the php code does not work. How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work, this is the code that I'm using:

<?php
   require '../vendor/autoload.php';
   use \Firebase\JWT\JWT;
   $jwt = "token from the android client";
   $key = "-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIIBhyg0WUm0qIwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw
MjA3MDA0NTI2WhcNMTcwMjEwMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl
bi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgrjKWwUlWeZukViyrrLS6nOWlgQnEahP/sRlVWCC2mkWdB
9NXsE7L8ZY9uhGNBEC8KknzpeFSJFKBVfRW7onrReCuz2RPJ5tk/7ZP2naY3mLO8
kU/aHlIYfvcmtJzlISABCLMg5RiUY1IhQDSj8kYKVTo2JhD/plZZ85xHHJ8BpHQv
WbvtlAJ4WqG8NstOG+LoOMr8Ayi7xsPw4AyT6iHnXcFExzvVsHs/7UBkJKF4eX8L
ocbdfs8qb9T/Bua8mRUahVj9hHntoxG0TCOpV+frxBwHw+wZgig/FRod9u5FirMC
9tjctwaf9b5pSHMhVhPTAuqg3xwMr/Wq76lCNTkCAwEAAaM4MDYwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ
KoZIhvcNAQEFBQADggEBABcOJ8zqu+RH9UXf90O2mRMY2CjiLWowIzOX2l+2aHfm
d9QUM4EpS+E0UbmaOsiMSkxs4rWGppWPqC8Y4dypctXtzftWNMatPZyLni4zLT/t
KDItjmaN9QrBo1XL+TUg7fw876C4G3xGldqTNgjrQwyQI1QhnNJHpbWqkjJkixX5
dZ45E+UVoc1uw5VlbdN4/NUKQ4OOKyvHIn5dupNFOF1xrkQmEexE7NA5dENGP07j
o2XDfaOCDKiugV6vCIsQZo9BqTRJIC/3PZFfIyvxmwm5Vq9CInGX1DKS2ToasM5H
nc5B3AxX3+6fosel/yQZaRfyy7o/FiVdj3gIF+MPe7s=
-----END CERTIFICATE-----
";
   $decoded = JWT::decode($jwt, $key, array('RS256'));
   var_dump($decoded);
?>

This script are giving me some kind of error.

I will appreciate any help.

  • 写回答

1条回答 默认 最新

  • duanou8504 2017-02-07 13:27
    关注

    How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

    KID header is not encoded. It is a string value that represents an array key, which points to valid public key. First, you have to get the public keys JSON from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com. Then, decode it to an array and use your KID to get the proper public key.

    The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work

    What is the error you are getting? Are you using correct algorithm? Try changing RS256 to HS256.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 arduino控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿
  • ¥100 关于使用MATLAB中copularnd函数的问题