dsafgdafgdf45345 2017-02-07 07:43
浏览 119
已采纳

php中的Firebase令牌验证

I have a backend in php for a client in Android, I'm using the login by email/password provided by Firebase. I want to verify the token in the backend. I'm having some troubles that until now i could not fix. The first is a doubt, acording to Firebase the header will contain a kid that must match with some public key provided by them in this site: https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com well I have done some tests and I figured out that this kid is not always the same, that means that can be any of the public keys that should match with the kid: I've tested this in the jwt.io website and all works fine but then in the php code does not work. How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work, this is the code that I'm using:

<?php
   require '../vendor/autoload.php';
   use \Firebase\JWT\JWT;
   $jwt = "token from the android client";
   $key = "-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIIBhyg0WUm0qIwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw
MjA3MDA0NTI2WhcNMTcwMjEwMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl
bi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgrjKWwUlWeZukViyrrLS6nOWlgQnEahP/sRlVWCC2mkWdB
9NXsE7L8ZY9uhGNBEC8KknzpeFSJFKBVfRW7onrReCuz2RPJ5tk/7ZP2naY3mLO8
kU/aHlIYfvcmtJzlISABCLMg5RiUY1IhQDSj8kYKVTo2JhD/plZZ85xHHJ8BpHQv
WbvtlAJ4WqG8NstOG+LoOMr8Ayi7xsPw4AyT6iHnXcFExzvVsHs/7UBkJKF4eX8L
ocbdfs8qb9T/Bua8mRUahVj9hHntoxG0TCOpV+frxBwHw+wZgig/FRod9u5FirMC
9tjctwaf9b5pSHMhVhPTAuqg3xwMr/Wq76lCNTkCAwEAAaM4MDYwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ
KoZIhvcNAQEFBQADggEBABcOJ8zqu+RH9UXf90O2mRMY2CjiLWowIzOX2l+2aHfm
d9QUM4EpS+E0UbmaOsiMSkxs4rWGppWPqC8Y4dypctXtzftWNMatPZyLni4zLT/t
KDItjmaN9QrBo1XL+TUg7fw876C4G3xGldqTNgjrQwyQI1QhnNJHpbWqkjJkixX5
dZ45E+UVoc1uw5VlbdN4/NUKQ4OOKyvHIn5dupNFOF1xrkQmEexE7NA5dENGP07j
o2XDfaOCDKiugV6vCIsQZo9BqTRJIC/3PZFfIyvxmwm5Vq9CInGX1DKS2ToasM5H
nc5B3AxX3+6fosel/yQZaRfyy7o/FiVdj3gIF+MPe7s=
-----END CERTIFICATE-----
";
   $decoded = JWT::decode($jwt, $key, array('RS256'));
   var_dump($decoded);
?>

This script are giving me some kind of error.

I will appreciate any help.

  • 写回答

1条回答 默认 最新

  • duanou8504 2017-02-07 13:27
    关注

    How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

    KID header is not encoded. It is a string value that represents an array key, which points to valid public key. First, you have to get the public keys JSON from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com. Then, decode it to an array and use your KID to get the proper public key.

    The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work

    What is the error you are getting? Are you using correct algorithm? Try changing RS256 to HS256.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • phpFirebase令牌验证 php
    2017-02-07 07:43
    回答 1 已采纳 How can i know wich public key should i use if the kid is encoded and for decode it i need that
  • php实现firebase:在firebase查找令牌 database php
    2017-08-23 08:55
    回答 1 已采纳 1) DEFAULT_PATH Default path is your main project path. When you create new project on firebase.
  • Firebase存储上传php php
    2018-04-12 08:01
    回答 1 已采纳 By using $_FILES['imageToUpload']['tmp_name'], you are using the temporary name of the uploaded im
  • php使用jwt 验证 firebase令牌ID
    2021-04-23 16:09
    闲不住的程序员的博客 composer require firebase/php-jwt github仓库地址: php-jwt 基本使用 <?php require_once __DIR__.'/vendor/autoload.php'; ini_set("display_errors", "On"); error_reporting(E_ALL | E_STRICT); use \...
  • Firebase index.php node.js php
    2018-06-12 21:35
    回答 1 已采纳 Firebase hosting is for hosting static assets. PHP is executable, so it can't be used in Firebase
  • Firebase + PHP - Cloud Firestore php
    2018-09-18 23:46
    回答 1 已采纳 you should use the google-cloud-php-firestore FirestoreClient, instead. because what you have the
  • Firebase数据库规则+身份验证无效 php
    2018-02-09 21:14
    回答 1 已采纳 As Frank mentioned in the comments, you must call setToken() in order to authenticate all subseque
  • php firebase php-jwt,phpFirebase JWT库无法验证Python JWT令牌
    2021-04-24 15:11
    周雨鑫的博客 所以我有一个客户端在...当php令牌进行编码和解码时,一切正常.但是当我从python编码令牌并用php解码它们时,Firebase库返回一个错误:Firebase\JWT\SignatureInvalidException Object([message:protected] =&gt...
  • firebase messaging api php订阅主题411错误 php
    2017-05-11 19:53
    回答 1 已采纳 The example in the documentation shows use of a Content-Length header: https://iid.googleapis.com
  • Firebase自定义身份验证传递令牌
    2016-03-19 20:36
    回答 1 已采纳 If I understand the flow correctly, then what you're missing is an end point that your app user ta
  • Firebase JWT:签名验证失败 php
    2016-02-29 18:30
    回答 1 已采纳 You don't need $secretKey or base64_decode the key for that matter, just do: $jwt = \Firebase\JWT
  • php对接firebase验证jwt的令牌ID客户端id_token
    2024-02-29 17:38
    大力水手z的博客 最近因为项目需要对接谷歌,里面获取用户登录信息需要对接到firebase,以前没接触过,文档看的迷迷糊糊,网上资料也是比较少,今天总结一下自己的开发经验。
  • PHP怎么使用jwt生成 token并且验证 php
    2021-12-01 13:06
    回答 2 已采纳 第一 账号密码登录 获取tokenJWT需要composer安装下,然后调用 $jwt_config = [ 'iss' => config('jwt.iss'), //签发者 可选
  • FirebaseWebService:Symfony 3.4用于Firebase的Web服务
    2021-05-15 17:39
    为了确保安全性,可能还会使用Firebase的认证机制,通过OAuth 2.0令牌验证API请求。 在实现Firebase Web服务时,可能会有以下关键知识点: 1. **Firebase Authentication**: 使用Firebase的用户认证系统,为应用...
  • PHP使用JWT实现接口令牌验证
    2019-07-11 10:00
    李睡睡的博客 JWT封装控制器 namespace api\user\controller; use cmf\controller\...use Firebase\JWT\JWT; //JWT集成包 use think\Cache; use think\Model; /** * Class JWT * @package app\plugins\jwt */ c...
  • php firebase/php-jwt token验证
    2018-11-08 11:37
    我是高手高手高高手的博客 结合这个案例: JWT实战:使用axios+PHP实现...一:JWT介绍:全称JSON Web Token,基于JSON的开放标准((RFC 7519) ,以token的方式代替传统的Cookie-Session模式,用于各服务器、客户端传递信息签名验证。 二:...
  • php-jwt:一个文件
    2021-03-03 11:05
    PHP-JWT库,你可以使用`Firebase\JWT\JWT`类来生成和验证JWT。例如,创建一个JWT可能如下所示: ```php use Firebase\JWT\JWT; $secret = 'your_secret_key'; $data = ['sub' => '123456', 'name' => 'John ...
  • api_php
    2021-03-17 22:08
    - JWT用于安全的身份验证,生成和验证令牌。 - 使用库如firebase/php-jwt来实现。 8. API版本控制: - 通过URL路径(如`/v1/users`)或Accept请求头管理不同版本的API。 - 使用间件或路由群组区分版本。 9. ...
  • php base auth,Firebase Auth JS / PHP
    2021-04-21 18:55
    西西nayss的博客 我的任务是为基于firebase的Android应用构建一个Web界面.我有一些与数据库交互的端点(云功能).要访问这些端点,我需要使用...我使用php并努力思考如何在我的应用程序管理经过身份验证的用户.我在php会话通过aj...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵