c# - Validate a JWT (ES256) token in C# using a ---PUBLIC KEY---

Reposted. Author: 行者123. Updated: 2023-12-04 15:37:40

I have a JWT created by my AWS ALB using an OpenID connector. I need to validate the token in my C# application, but I am struggling to get it working.

AWS describes the token validation here: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html?icmpid=docs_elbv2_console

It should work in 3 steps:

  • Get the key ID from the token
  • Read the public key from the AWS ALB endpoint (https://public-keys.auth.elb.' + region + '.amazonaws.com/' + key id)
  • Use the key
  • Decrypt the payload

    This is the JWT I got:

    eyJ0eXAiOiJKV1QiLCJraWQiOiJjODE4ZTcxNi01OTAxLTQzOWQtOWFlZC1lYmRmODAyYjZkYTkiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vc2llbWVucy1xYS0wMDA2OS5ldS5hdXRoMC5jb20vIiwiY2xpZW50IjoiMndsS3k0YlRXbGpZWm9KYXZRSVFqVTE3OUprVG4zNDAiLCJzaWduZXIiOiJhcm46YXdzOmVsYXN0aWNsb2FkYmFsYW5jaW5nOmV1LWNlbnRyYWwtMTo0ODU2ODM0ODcxOTY6bG9hZGJhbGFuY2VyL2FwcC9maW5kLXRlc3QtYWxiLzU3YzBmMWYzZjg0YzZjMjEiLCJleHAiOjE1NzU1NDMwMzN9.eyJzdWIiOiJvYXV0aDJ8bWFpbi10ZW5hbnQtb2lkY3xzYW1scHxTaWVtZW5zfFowMDJFSk5VIiwiZ2l2ZW5fbmFtZSI6IlJhcGhhZWwiLCJmYW1pbHlfbmFtZSI6IlNjaG5haXRsIiwibmlja25hbWUiOiJSYXBoYWVsIiwibmFtZSI6IlJhcGhhZWwgU2NobmFpdGwiLCJwaWN0dXJlIjoiaHR0cHM6Ly9zLmdyYXZhdGFyLmNvbS9hdmF0YXIvODkzNWVlY2QzMDc2ZTAyMTQ5ODE2MTZmZjBkZTRkZjI_cz00ODAmcj1wZyZkPWh0dHBzJTNBJTJGJTJGY2RuLmF1dGgwLmNvbSUyRmF2YXRhcnMlMkZyYS5wbmciLCJ1cGRhdGVkX2F0IjoiMjAxOS0xMi0wNVQxMDo0ODozMy4wNjhaIiwiZXhwIjoxNTc1NTQzMDMzLCJpc3MiOiJodHRwczovL3NpZW1lbnMtcWEtMDAwNjkuZXUuYXV0aDAuY29tLyJ9.M39aPefXmaDGzaDd0qHcQHMhvugTVN4i4pyvGJ-7fayewU9vZdtKvSzFF9rVal8GEz7HKTr_auqMw9HemOWyag==
    So the key ID is: c818e716-5901-439d-9aed-ebdf802b6da9
    Public key:
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENARdEGaEpfgHph3440UodVsQdqxi
    PYz+l1aEcz+Bivr6emXDnor1nET94dbPqYxk+vtUHGkgOb44VPEZUe4ijQ==
    -----END PUBLIC KEY-----

    I tried to validate the token with the following approaches:
  • Using the System.IdentityModel.Tokens.Jwt namespace. But I could not hand the public key as a string to the ValidationParameters. I followed an approach similar to this answer https://stackoverflow.com/a/51866939/2250672. It felt complicated and error-prone. Since I could not get it working after a whole day, I decided to move on to one of the NuGet packages that provide the same functionality.
  • Using the JWT NuGet package, but it does not support the algorithm used by the AWS ALB.
  • Using the Jose.JWT NuGet package with the following code:
  • Jose.JWT.Decode(__token, publicKeyPem, Jose.JwsAlgorithm.ES256)
    and got the following error:

    ERROR: Script execution failed. [ArgumentException] EcdsaUsingSha algorithm expects key to be of either CngKey or ECDsa types.



    How can I simply validate a JWT from an AWS ALB in C#?

    Best answer

    The public key is not available at https://siemens-qa-00069.eu.auth0.com/.well-known/openid-configuration. So you can try the manual approach:

    using System;
    using System.Linq;
    using System.Security.Cryptography;
    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.IdentityModel.Tokens;

    // Builds an ECDsa public key from the DER bytes of a P-256 SubjectPublicKeyInfo.
    // In the 91-byte DER encoding the uncompressed point marker 0x04 sits at offset 26,
    // so X occupies bytes 27..58 and Y occupies bytes 59..90.
    private static ECDsa LoadPublicKey(byte[] key)
    {
        byte[] pubKeyX = key.Skip(27).Take(32).ToArray();
        byte[] pubKeyY = key.Skip(59).Take(32).ToArray();
        return ECDsa.Create(new ECParameters
        {
            Curve = ECCurve.NamedCurves.nistP256,
            Q = new ECPoint
            {
                X = pubKeyX,
                Y = pubKeyY
            }
        });
    }

    // Validates the ALB token against the key above; true if signature, issuer and expiry check out.
    private static bool ValidateAlbToken()
    {
        string key = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENARdEGaEpfgHph3440UodVsQdqxiPYz+l1aEcz+Bivr6emXDnor1nET94dbPqYxk+vtUHGkgOb44VPEZUe4ijQ==";
        ECDsa ecdsa = LoadPublicKey(Convert.FromBase64String(key));
        string authorizationDomain = "https://siemens-qa-00069.eu.auth0.com/";
        string jwt = "eyJ0eXAiOiJKV1QiLCJraWQiOiJjODE4ZTcxNi01OTAxLTQzOWQtOWFlZC1lYmRmODAyYjZkYTkiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vc2llbWVucy1xYS0wMDA2OS5ldS5hdXRoMC5jb20vIiwiY2xpZW50IjoiMndsS3k0YlRXbGpZWm9KYXZRSVFqVTE3OUprVG4zNDAiLCJzaWduZXIiOiJhcm46YXdzOmVsYXN0aWNsb2FkYmFsYW5jaW5nOmV1LWNlbnRyYWwtMTo0ODU2ODM0ODcxOTY6bG9hZGJhbGFuY2VyL2FwcC9maW5kLXRlc3QtYWxiLzU3YzBmMWYzZjg0YzZjMjEiLCJleHAiOjE1NzU1NDMwMzN9.eyJzdWIiOiJvYXV0aDJ8bWFpbi10ZW5hbnQtb2lkY3xzYW1scHxTaWVtZW5zfFowMDJFSk5VIiwiZ2l2ZW5fbmFtZSI6IlJhcGhhZWwiLCJmYW1pbHlfbmFtZSI6IlNjaG5haXRsIiwibmlja25hbWUiOiJSYXBoYWVsIiwibmFtZSI6IlJhcGhhZWwgU2NobmFpdGwiLCJwaWN0dXJlIjoiaHR0cHM6Ly9zLmdyYXZhdGFyLmNvbS9hdmF0YXIvODkzNWVlY2QzMDc2ZTAyMTQ5ODE2MTZmZjBkZTRkZjI_cz00ODAmcj1wZyZkPWh0dHBzJTNBJTJGJTJGY2RuLmF1dGgwLmNvbSUyRmF2YXRhcnMlMkZyYS5wbmciLCJ1cGRhdGVkX2F0IjoiMjAxOS0xMi0wNVQxMDo0ODozMy4wNjhaIiwiZXhwIjoxNTc1NTQzMDMzLCJpc3MiOiJodHRwczovL3NpZW1lbnMtcWEtMDAwNjkuZXUuYXV0aDAuY29tLyJ9.M39aPefXmaDGzaDd0qHcQHMhvugTVN4i4pyvGJ-7fayewU9vZdtKvSzFF9rVal8GEz7HKTr_auqMw9HemOWyag==";
        TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = authorizationDomain,
            ValidateAudience = false,
            IssuerSigningKey = new ECDsaSecurityKey(ecdsa)
        };
        try
        {
            JwtSecurityTokenHandler jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
            jwtSecurityTokenHandler.ValidateToken(jwt, tokenValidationParameters, out _);
            return true;
        }
        catch (SecurityTokenException)
        {
            return false;
        }
    }

    The problem is that I cannot test it, because on my machine (Windows 10 + .NET Core 2.1) I get this error:

    System.PlatformNotSupportedException: The specified curve 'nistP256' or its parameters are not valid for this platform. ---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The parameter is incorrect
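The three steps from the question carried out end to end, as an added example that is not code from the question, the answer or AWS. It assumes .NET 6+ and the System.IdentityModel.Tokens.Jwt NuGet package, and that the caller supplies the ALB's region, the ALB's ARN (the value the ALB writes into the header's signer field) and the IdP issuer expected in iss; ImportFromPem replaces the hand-picked byte offsets of the answer, and ValidAlgorithms pins ES256 so a token presenting another alg is rejected.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

static class AlbJwtVerifier
{
    static readonly HttpClient Http = new HttpClient();

    // Step 2: fetch the PEM key the ALB publishes for a kid. ALB kids are GUIDs;
    // rejecting anything else stops the kid from steering the request elsewhere.
    static async Task<ECDsa> FetchAlbKeyAsync(string region, string kid)
    {
        if (!Guid.TryParse(kid, out _)) throw new SecurityTokenException("bad kid format");
        string pem = await Http.GetStringAsync($"https://public-keys.auth.elb.{region}.amazonaws.com/{kid}");
        var ecdsa = ECDsa.Create();
        ecdsa.ImportFromPem(pem);   // parses the SubjectPublicKeyInfo; no hand-picked byte offsets
        return ecdsa;
    }

    // Steps 1 and 3: read kid/signer from the (still unverified) header, check the signer,
    // then let the handler verify the ES256 signature, issuer and expiry.
    // Returns the verified claims, or null if the token is rejected.
    public static async Task<JwtPayload> ValidateAsync(string jwt, string region,
                                                       string expectedIssuer, string expectedAlbArn)
    {
        JwtHeader header = new JwtSecurityTokenHandler().ReadJwtToken(jwt).Header;
        if (header.Kid == null || !header.TryGetValue("signer", out object signer)) return null;
        if (!(signer is string arn) || arn != expectedAlbArn) return null; // minted by another ALB
        using ECDsa ecdsa = await FetchAlbKeyAsync(region, header.Kid);
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = expectedIssuer,          // the IdP issuer the ALB copies into iss
            ValidateAudience = false,              // ALB tokens carry no aud claim
            ValidAlgorithms = new[] { SecurityAlgorithms.EcdsaSha256 },   // pin ES256
            IssuerSigningKey = new ECDsaSecurityKey(ecdsa),
            ClockSkew = TimeSpan.FromMinutes(1),
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out SecurityToken validated);
            return ((JwtSecurityToken)validated).Payload;
        }
        catch (SecurityTokenException) { return null; }
    }
}
```

In production the fetched key should be cached per kid, since the ALB rotates keys and the endpoint is called on every request otherwise.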

    Regarding c# - Validate a JWT (ES256) token in C# using a ---PUBLIC KEY---, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59211413/
