dsafgdafgdf45345 2017-02-07 07:43
浏览 120
已采纳

php中的Firebase令牌验证

I have a backend in php for a client in Android, I'm using the login by email/password provided by Firebase. I want to verify the token in the backend. I'm having some troubles that until now i could not fix. The first is a doubt, acording to Firebase the header will contain a kid that must match with some public key provided by them in this site: https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com well I have done some tests and I figured out that this kid is not always the same, that means that can be any of the public keys that should match with the kid: I've tested this in the jwt.io website and all works fine but then in the php code does not work. How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work, this is the code that I'm using:

<?php
   require '../vendor/autoload.php';
   use \Firebase\JWT\JWT;
   $jwt = "token from the android client";
   $key = "-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIIBhyg0WUm0qIwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw
MjA3MDA0NTI2WhcNMTcwMjEwMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl
bi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgrjKWwUlWeZukViyrrLS6nOWlgQnEahP/sRlVWCC2mkWdB
9NXsE7L8ZY9uhGNBEC8KknzpeFSJFKBVfRW7onrReCuz2RPJ5tk/7ZP2naY3mLO8
kU/aHlIYfvcmtJzlISABCLMg5RiUY1IhQDSj8kYKVTo2JhD/plZZ85xHHJ8BpHQv
WbvtlAJ4WqG8NstOG+LoOMr8Ayi7xsPw4AyT6iHnXcFExzvVsHs/7UBkJKF4eX8L
ocbdfs8qb9T/Bua8mRUahVj9hHntoxG0TCOpV+frxBwHw+wZgig/FRod9u5FirMC
9tjctwaf9b5pSHMhVhPTAuqg3xwMr/Wq76lCNTkCAwEAAaM4MDYwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ
KoZIhvcNAQEFBQADggEBABcOJ8zqu+RH9UXf90O2mRMY2CjiLWowIzOX2l+2aHfm
d9QUM4EpS+E0UbmaOsiMSkxs4rWGppWPqC8Y4dypctXtzftWNMatPZyLni4zLT/t
KDItjmaN9QrBo1XL+TUg7fw876C4G3xGldqTNgjrQwyQI1QhnNJHpbWqkjJkixX5
dZ45E+UVoc1uw5VlbdN4/NUKQ4OOKyvHIn5dupNFOF1xrkQmEexE7NA5dENGP07j
o2XDfaOCDKiugV6vCIsQZo9BqTRJIC/3PZFfIyvxmwm5Vq9CInGX1DKS2ToasM5H
nc5B3AxX3+6fosel/yQZaRfyy7o/FiVdj3gIF+MPe7s=
-----END CERTIFICATE-----
";
   $decoded = JWT::decode($jwt, $key, array('RS256'));
   var_dump($decoded);
?>

This script are giving me some kind of error.

I will appreciate any help.

  • 写回答

1条回答 默认 最新

  • duanou8504 2017-02-07 13:27
    关注

    How can i know wich public key should i use if the kid is encoded and for decode it i need that public key?

    KID header is not encoded. It is a string value that represents an array key, which points to valid public key. First, you have to get the public keys JSON from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com. Then, decode it to an array and use your KID to get the proper public key.

    The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work

    What is the error you are getting? Are you using correct algorithm? Try changing RS256 to HS256.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • php实现firebase:在firebase查找令牌 database php
    2017-08-23 08:55
    回答 1 已采纳 1) DEFAULT_PATH Default path is your main project path. When you create new project on firebase.
  • Firebase存储上传php php
    2018-04-12 08:01
    回答 1 已采纳 By using $_FILES['imageToUpload']['tmp_name'], you are using the temporary name of the uploaded im
  • Firebase index.php node.js php
    2018-06-12 21:35
    回答 1 已采纳 Firebase hosting is for hosting static assets. PHP is executable, so it can't be used in Firebase
  • php使用jwt 验证 firebase令牌ID
    2021-04-23 16:09
    闲不住的程序员的博客 composer require firebase/php-jwt github仓库地址: php-jwt 基本使用 <?php require_once __DIR__.'/vendor/autoload.php'; ini_set("display_errors", "On"); error_reporting(E_ALL | E_STRICT); use \...
  • Firebase + PHP - Cloud Firestore php
    2018-09-18 23:46
    回答 1 已采纳 you should use the google-cloud-php-firestore FirestoreClient, instead. because what you have the
  • Firebase数据库规则+身份验证无效 php
    2018-02-09 21:14
    回答 1 已采纳 As Frank mentioned in the comments, you must call setToken() in order to authenticate all subseque
  • firebase messaging api php订阅主题411错误 php
    2017-05-11 19:53
    回答 1 已采纳 The example in the documentation shows use of a Content-Length header: https://iid.googleapis.com
  • PHP使用谷歌令牌做登录验证
    2019-06-04 20:43
    江枫渔火L的博客 来自:...1、下载PHP版的GoogleAuthenticator,代码如下,可新建文件googleAuthenticator.php然后复制粘贴进去 class PHPGangsta_GoogleAuthenticator { protected $_codeLength = 6; /** * Cr...
  • Firebase自定义身份验证传递令牌
    2016-03-19 20:36
    回答 1 已采纳 If I understand the flow correctly, then what you're missing is an end point that your app user ta
  • PHP怎么使用jwt生成 token并且验证 php
    2021-12-01 13:06
    回答 2 已采纳 第一 账号密码登录 获取tokenJWT需要composer安装下,然后调用 $jwt_config = [ 'iss' => config('jwt.iss'), //签发者 可选
  • Firebase JWT:签名验证失败 php
    2016-02-29 18:30
    回答 1 已采纳 You don't need $secretKey or base64_decode the key for that matter, just do: $jwt = \Firebase\JWT
  • php firebase php-jwt,phpFirebase JWT库无法验证Python JWT令牌
    2021-04-24 15:11
    周雨鑫的博客 所以我有一个客户端在...当php令牌进行编码和解码时,一切正常.但是当我从python编码令牌并用php解码它们时,Firebase库返回一个错误:Firebase\JWT\SignatureInvalidException Object([message:protected] =&gt...
  • FirebaseWebService:Symfony 3.4用于Firebase的Web服务
    2021-05-15 17:39
    为了确保安全性,可能还会使用Firebase的认证机制,通过OAuth 2.0令牌验证API请求。 在实现Firebase Web服务时,可能会有以下关键知识点: 1. **Firebase Authentication**: 使用Firebase的用户认证系统,为应用...
  • php对接firebase验证jwt的令牌ID客户端id_token
    2024-02-29 17:38
    大力水手z的博客 最近因为项目需要对接谷歌,里面获取用户登录信息需要对接到firebase,以前没接触过,文档看的迷迷糊糊,网上资料也是比较少,今天总结一下自己的开发经验。
  • PHP使用JWT实现接口令牌验证
    2019-07-11 10:00
    李睡睡的博客 JWT封装控制器 namespace api\user\controller; use cmf\controller\...use Firebase\JWT\JWT; //JWT集成包 use think\Cache; use think\Model; /** * Class JWT * @package app\plugins\jwt */ c...
  • php firebase/php-jwt token验证
    2018-11-08 11:37
    我是高手高手高高手的博客 结合这个案例: JWT实战:使用axios+PHP实现...一:JWT介绍:全称JSON Web Token,基于JSON的开放标准((RFC 7519) ,以token的方式代替传统的Cookie-Session模式,用于各服务器、客户端传递信息签名验证。 二:...
  • php-jwt:一个文件
    2021-03-03 11:05
    PHP-JWT库,你可以使用`Firebase\JWT\JWT`类来生成和验证JWT。例如,创建一个JWT可能如下所示: ```php use Firebase\JWT\JWT; $secret = 'your_secret_key'; $data = ['sub' => '123456', 'name' => 'John ...
  • api_php
    2021-03-17 22:08
    - JWT用于安全的身份验证,生成和验证令牌。 - 使用库如firebase/php-jwt来实现。 8. API版本控制: - 通过URL路径(如`/v1/users`)或Accept请求头管理不同版本的API。 - 使用间件或路由群组区分版本。 9. ...
  • PHP JWT初识及其简单示例
    2020-10-17 21:21
    PHP实现JWT的生成和验证,常使用Firebase提供的JWT库。比如文章的代码示例,首先通过require_once引入了JWT.php,然后定义了一个密钥KEY,用于JWT的签名。在login函数验证用户信息后生成JWT令牌,并在info...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀