donglieshe4692 2016-01-12 21:48


In PHP, I'm trying to validate an AWS auth token (JWT returned from getOpenIdTokenForDeveloperIdentity) using AWS's RSA public key (which I generated from modulus/exponent at The key begins with the appropriate headers/footers -----BEGIN RSA PUBLIC KEY----- etc. I've looked at a few PHP libraries like Emarref\Jwt\Jwt, however I get the error: error:0906D06C:PEM routines:PEM_read_bio:no start line. It all boils down to the basic PHP function: openssl_verify.

I've looked at the for openssl-verify, but I'm still not clear on the parameter details. The algorithm needed is RS512.

I am able to verify the JWT token using node.js with no problems (same key and token). For that I used the library:

Not sure why this doesn't work in PHP. Can I not use an RSA Public Key?

function verifyKey($public_key) {
  $jwt = new Emarref\Jwt\Jwt();

  $algorithm = new Emarref\Jwt\Algorithm\Rs512();
  $factory = new Emarref\Jwt\Encryption\Factory();
  $encryption = $factory->create($algorithm);
  $context = new Emarref\Jwt\Verification\Context($encryption);
  $token = $jwt->deserialize($authToken);

  try {
    $jwt->verify($token, $context);
  } catch (Emarref\Jwt\Exception\VerificationException $e) {
    // signature verification failed
  }
}


  • dqh1992 2016-01-13 20:38

    Could you try using another PHP library:

    // File test.php
    require_once __DIR__.'/vendor/autoload.php';

    use Jose\Checker\ExpirationChecker;
    use Jose\Checker\IssuedAtChecker;
    use Jose\Checker\NotBeforeChecker;
    use Jose\Factory\KeyFactory;
    use Jose\Factory\LoaderFactory;
    use Jose\Factory\VerifierFactory;
    use Jose\Object\JWKSet;
    use Jose\Object\JWSInterface;

    // We create a JWT loader.
    $loader = LoaderFactory::createLoader();
    // We load the input ($input holds the serialized JWT string)
    $jws = $loader->load($input);
    if (!$jws instanceof JWSInterface) {
        die('Not a JWS');
    }
    // Please note that at this moment the signature and the claims are not verified

    // To verify a JWS, we need a JWKSet that contains public keys (from RSA key in your case).
    // We create our key object (JWK) using a RSA public key
    $jwk = KeyFactory::createFromPEM('-----BEGIN RSA PUBLIC KEY-----...');
    // Then we set this key in a keyset (JWKSet object)
    // Be careful, the JWKSet object is immutable. When you add a key, you get a new JWKSet object.
    $jwkset = new JWKSet();
    $jwkset = $jwkset->addKey($jwk);

    // We create our verifier object with a list of authorized signature algorithms (only 'RS512' in this example)
    // We add some checkers. These checkers will verify claims or headers.
    $verifier = VerifierFactory::createVerifier(
        ['RS512'],
        [
            new IssuedAtChecker(),
            new NotBeforeChecker(),
            new ExpirationChecker(),
        ]
    );
    $is_valid = $verifier->verify($jws, $jwkset);
    // The variable $is_valid contains a boolean that indicates the signature is valid or not.
    // If a claim is not verified (e.g. the JWT expired), an exception is thrown.
    // Now you can use the $jws object to retrieve all claims or header key/value pairs
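
As an added example (not part of the original question or answer, and not code from either library), this shows the `openssl_verify` parameters for RS512 directly. It assumes the `no start line` error arises because PHP's OpenSSL binding expects a SubjectPublicKeyInfo `-----BEGIN PUBLIC KEY-----` block rather than the PKCS#1 `-----BEGIN RSA PUBLIC KEY-----` block, so it re-wraps the key first; `pkcs1ToSpkiPem`, `b64url` and `verifyRs512` are hypothetical names.

```php
<?php
// Added example; names are hypothetical, the key and token below are constructed.
// Re-wrap a PKCS#1 "RSA PUBLIC KEY" PEM as SubjectPublicKeyInfo ("PUBLIC KEY").
function pkcs1ToSpkiPem(string $pem): string
{
    if (!preg_match('/-----BEGIN RSA PUBLIC KEY-----(.+?)-----END RSA PUBLIC KEY-----/s', $pem, $m)) {
        return $pem; // not PKCS#1 (e.g. already SPKI): pass through unchanged
    }
    $pkcs1 = (string) base64_decode(preg_replace('/\s+/', '', $m[1]));
    $len = function (int $n): string { // DER definite-length encoding
        if ($n < 0x80) { return chr($n); }
        $b = ltrim(pack('N', $n), "\x00");
        return chr(0x80 | strlen($b)) . $b;
    };
    // AlgorithmIdentifier SEQUENCE { OID rsaEncryption, NULL }, then BIT STRING (0 unused bits)
    $body = hex2bin('300d06092a864886f70d0101010500') . "\x03" . $len(strlen($pkcs1) + 1) . "\x00" . $pkcs1;
    $der = "\x30" . $len(strlen($body)) . $body;
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END PUBLIC KEY-----\n";
}

function b64url(string $s) // base64url decode; false on malformed input
{
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}

function verifyRs512(string $jwt, string $publicKeyPem): bool
{
    $p = explode('.', $jwt);
    if (count($p) !== 3) { return false; }
    $header = json_decode((string) b64url($p[0]), true);
    // Pin the algorithm: the token's own header must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS512') { return false; }
    $sig = b64url($p[2]);
    $key = openssl_pkey_get_public(pkcs1ToSpkiPem($publicKeyPem));
    if ($sig === false || $key === false) { return false; }
    // openssl_verify(data, signature, key, algo): data is the ASCII "header.payload",
    // signature is the decoded third segment, RS512 maps to OPENSSL_ALGO_SHA512; 1 means valid.
    return openssl_verify($p[0] . '.' . $p[1], $sig, $key, OPENSSL_ALGO_SHA512) === 1;
}

// Constructed demo: throwaway 2048-bit key; dropping the 24-byte SPKI prefix leaves PKCS#1.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$der  = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', openssl_pkey_get_details($priv)['key']));
$rsaPem = "-----BEGIN RSA PUBLIC KEY-----\n" . chunk_split(base64_encode(substr($der, 24)), 64, "\n") . "-----END RSA PUBLIC KEY-----\n";
$enc = function (string $s) { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); };
$input = $enc('{"alg":"RS512","typ":"JWT"}') . '.' . $enc('{"sub":"demo"}');
openssl_sign($input, $rawSig, $priv, OPENSSL_ALGO_SHA512);
var_dump(verifyRs512($input . '.' . $enc($rawSig), $rsaPem));  // intact token
var_dump(verifyRs512($input . 'x.' . $enc($rawSig), $rsaPem)); // altered payload
```

This covers the signature only; claim checks such as expiry, handled by the checkers in the answer above, still have to run on a token that passes.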


