I am playing around with DEX and openldap. When I get a token back in my browser and put it into JWT debugger with the public key i generated, it doesn't verify the signature. I am trying to step through the code of DEX, but the debugging tools are not really working on my computer. I have resorted to log statements. I can't really find where I can observe the signing of the token to see if the program is using the keys i provided or not. Which function actually signs the token and how can I observe what key it uses to sign?
1条回答 默认 最新
- dongzhihong3940 2018-11-27 19:51关注
The key can be read from the DEX "keys" endpoint which can be obtained from:
http://your.dex.com/.well-known/openid-configuration
Typically, it would be something like:
After that, the public keys can be extracted using the following program:
https://play.golang.org/p/wVusucNGDI
One of those keys will be able to validate the token:
from jose import jwt key = '''-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT9AtIlC8MxhLYhz8ODH ... +QIDAQAB -----END PUBLIC KEY-----''' encoded = 'eyJh...ocw' audience = '' if audience == "": opts = {"verify_aud": False} else: opts = {} opts['verify_at_hash'] = False decoded = jwt.decode(encoded, key, audience=audience, options=opts) print(decoded)
解决 无用评论 打赏 举报
悬赏问题
- ¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
- ¥50 我撰写的python爬虫爬不了 要爬的网址有反爬机制
- ¥15 Centos / PETSc / PETGEM
- ¥15 centos7.9 IPv6端口telnet和端口监控问题
- ¥120 计算机网络的新校区组网设计
- ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
- ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
- ¥20 海浪数据 南海地区海况数据,波浪数据
- ¥20 软件测试决策法疑问求解答
- ¥15 win11 23H2删除推荐的项目,支持注册表等