如何检查生成的JWT令牌是否有效,因为在jwt.io网站上显示为无效签名?

huangapple go评论144阅读模式
英文:

How to check generated JWT Token is valid or not, because in jwt.io website says invalid signature?

问题

生成的JWT令牌如下所示。在jwt.io网站上显示"无效的签名":

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0.SUHPiDut67KM6LcbzYEF2CCMKiQlB5JMdiqqgIurJHg"

JWT令牌生成方法

private static string generateJwtToken(string username, string password, string TTid)
{
   System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) = { return true; };

     User user = new User();
     user.Username = username;
     user.Password = password;
     user.TTID = '123456';
     var tokenHandler = new JwtSecurityTokenHandler();
     var key = Encoding.ASCII.GetBytes("sample2023TTTTASASA");
     var securityKey = new SymmetricSecurityKey(key);
     var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
     var secToken = new JwtSecurityToken(
     signingCredentials: credentials,
     issuer: "sample",
     audience: "sample",
     claims: new Claim[] { new Claim("userName", user.Username.ToString()), new Claim("TTID", '123456'), },
     expires: DateTime.UtcNow.AddDays(1));
     var handler = new JwtSecurityTokenHandler();
     return handler.WriteToken(secToken);
}
英文:

Generated JWT token is mentioned below. In jwt.io website says "invalid signature" :

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0.SUHPiDut67KM6LcbzYEF2CCMKiQlB5JMdiqqgIurJHg"

JWT token generation method

private static string generateJwtToken(string username, string password, string TTid)
{
   System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror)    = { return true; };

     User user = new User();
     user.Username = username;
     user.Password = password;
     user.TTID = '123456';
     var tokenHandler = new JwtSecurityTokenHandler();
     var key = Encoding.ASCII.GetBytes("sample2023TTTTASASA");
     var securityKey = new SymmetricSecurityKey(key);
     var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
     var secToken = new JwtSecurityToken(
     signingCredentials: credentials,
     issuer: "sample",
     audience: "sample",
     claims: new Claim[] { new Claim("userName", user.Username.ToString()), new Claim("TTID", '123456'), },
     expires: DateTime.UtcNow.AddDays(1));
     var handler = new JwtSecurityTokenHandler();
     return handler.WriteToken(secToken);
}

答案1

得分: 1

我认为你的令牌是正确的。你只需要在jwt.io页面的“Verify signature”部分的“your-256-bit-secret”输入框中指定用于签署令牌的密钥。所以放入“sample2023TTTTASASA”,它就会工作。

原因:

JWT令牌的签名是由标头+负载+签名密钥的组合生成的。

标头是令牌的第一部分,到第一个句点为止,在这种情况下是“eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9”。

负载是第二部分 - 在句点之间的部分,包含实际声明。在这种情况下,它是“eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0”。

第三部分是签名,它是使用特定算法生成的,例如,使用签名密钥的HMAC SHA256,在这种情况下是“sample2023TTTTASASA”,你需要在页面上指定这个密钥。

英文:

I think your token is OK. You just need to specify the key you used to sign the token with in the jwt.io page in the 'your-256-bit-secret' input box in 'Verify signature' part. So put 'sample2023TTTTASASA', it works.

Reason:

JWT token's signature is generated as a combination of header + payload + signing key.

Header is the first part of the token to first dot, in this case 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'.

Payload is the second part - the part between dots eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0. This part contains the actual claims.

Third part is the signature and it is generated with use of a specific algorithm, e.g. HMAC SHA256 with a signing key, in this case 'sample2023TTTTASASA' and this you need to specify on the page.

huangapple
  • 本文由 发表于 2023年6月25日 18:58:42
  • 转载请务必保留本文链接:https://go.coder-hub.com/76550063.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定