問(wèn)題描述
我覺(jué)得我在這里服用了瘋狂的藥丸.通常,對(duì)于任何給定的任務(wù),網(wǎng)絡(luò)上總是有一百萬(wàn)個(gè)庫(kù)和樣本.我正在嘗試通過(guò)使用 JSON Web 令牌 (JWT) 來(lái)使用 Google服務(wù)帳戶"實(shí)現(xiàn)身份驗(yàn)證,如 這里.
但是,只有 PHP、Python 和 Java 中的客戶端庫(kù).即使在 Google 的身份驗(yàn)證之外搜索 JWT 示例,關(guān)于 JWT 的概念也只有蟋蟀和草稿.這真的很新,而且可能是谷歌專有系統(tǒng)嗎?
我能解釋的最接近的 java 示例看起來(lái)非常密集且令人生畏.C# 中必須有一些我至少可以開(kāi)始的東西.對(duì)此的任何幫助都會(huì)很棒!
謝謝大家.我找到了一個(gè) Json Web Token 的基本實(shí)現(xiàn),并用 Google 風(fēng)格對(duì)其進(jìn)行了擴(kuò)展.我還沒(méi)有完全解決它,但它已經(jīng)完成了 97%.這個(gè)項(xiàng)目失去了動(dòng)力,所以希望這將有助于其他人獲得良好的開(kāi)端:
注意:我對(duì)基本實(shí)現(xiàn)所做的更改(不記得我在哪里找到的)是:
<塊引用>- 更改了 HS256 -> RS256
- 交換了標(biāo)頭中的 JWT 和 alg 順序.不知道是誰(shuí)弄錯(cuò)了,谷歌還是規(guī)范,但谷歌按照他們的文檔如下所示.
公共枚舉 JwtHashAlgorithm{RS256,HS384,HS512}公共類(lèi) JsonWebToken{私有靜態(tài)字典<JwtHashAlgorithm, Func<byte[], byte[], byte[]>>哈希算法;靜態(tài) JsonWebToken(){HashAlgorithms = new Dictionary公共類(lèi) GoogleJsonWebToken{公共靜態(tài)字符串編碼(字符串電子郵件,字符串證書(shū)文件路徑){var utc0 = new DateTime(1970,1,1,0,0,0,0, DateTimeKind.Utc);var issueTime = DateTime.Now;var iat = (int)issueTime.Subtract(utc0).TotalSeconds;var exp = (int)issueTime.AddMinutes(55).Subtract(utc0).TotalSeconds;//過(guò)期時(shí)間最長(zhǎng)為 1 小時(shí),但讓我們?cè)诎踩那闆r下玩var 有效載荷 = 新{iss = 電子郵件,范圍 = "https://www.googleapis.com/auth/gan.readonly",aud = "https://accounts.google.com/o/oauth2/token",經(jīng)驗(yàn) = 經(jīng)驗(yàn),iat = iat};var certificate = new X509Certificate2(certificateFilePath, "notasecret");var privateKey = certificate.Export(X509ContentType.Cert);return JsonWebToken.Encode(payload, privateKey, JwtHashAlgorithm.RS256);}} I feel like I'm taking crazy pills here. Usually there's always a million library and samples floating around the web for any given task. I'm trying to implement authentication with a Google "Service Account" by use of JSON Web Tokens (JWT) as described here.
However there is only client libraries in PHP, Python, and Java. Even searching for JWT examples outside of Google's authentication, there is only crickets and drafts on the JWT concept. Is this really so new and possibly a Google proprietary system?
The java sample which is the closest I could manage to interpret looks pretty intensive and intimidating. There's got to be something out there in C# that I could at least start with. Any help with this would be great!
Thanks everyone. I found a base implementation of a Json Web Token and expanded on it with the Google flavor. I still haven't gotten it completely worked out but it's 97% there. This project lost it's steam, so hopefully this will help someone else get a good head-start:
Note: Changes I made to the base implementation (Can't remember where I found it,) are:
- Changed HS256 -> RS256
- Swapped the JWT and alg order in the header. Not sure who got it wrong, Google or the spec, but google takes it the way It is below according to their docs.
public enum JwtHashAlgorithm
{
RS256,
HS384,
HS512
}
public class JsonWebToken
{
private static Dictionary<JwtHashAlgorithm, Func<byte[], byte[], byte[]>> HashAlgorithms;
static JsonWebToken()
{
HashAlgorithms = new Dictionary<JwtHashAlgorithm, Func<byte[], byte[], byte[]>>
{
{ JwtHashAlgorithm.RS256, (key, value) => { using (var sha = new HMACSHA256(key)) { return sha.ComputeHash(value); } } },
{ JwtHashAlgorithm.HS384, (key, value) => { using (var sha = new HMACSHA384(key)) { return sha.ComputeHash(value); } } },
{ JwtHashAlgorithm.HS512, (key, value) => { using (var sha = new HMACSHA512(key)) { return sha.ComputeHash(value); } } }
};
}
public static string Encode(object payload, string key, JwtHashAlgorithm algorithm)
{
return Encode(payload, Encoding.UTF8.GetBytes(key), algorithm);
}
public static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
{
var segments = new List<string>();
var header = new { alg = algorithm.ToString(), typ = "JWT" };
byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));
//byte[] payloadBytes = Encoding.UTF8.GetBytes(@"{"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com","scope":"https://www.googleapis.com/auth/prediction","aud":"https://accounts.google.com/o/oauth2/token","exp":1328554385,"iat":1328550785}");
segments.Add(Base64UrlEncode(headerBytes));
segments.Add(Base64UrlEncode(payloadBytes));
var stringToSign = string.Join(".", segments.ToArray());
var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);
byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
segments.Add(Base64UrlEncode(signature));
return string.Join(".", segments.ToArray());
}
public static string Decode(string token, string key)
{
return Decode(token, key, true);
}
public static string Decode(string token, string key, bool verify)
{
var parts = token.Split('.');
var header = parts[0];
var payload = parts[1];
byte[] crypto = Base64UrlDecode(parts[2]);
var headerJson = Encoding.UTF8.GetString(Base64UrlDecode(header));
var headerData = JObject.Parse(headerJson);
var payloadJson = Encoding.UTF8.GetString(Base64UrlDecode(payload));
var payloadData = JObject.Parse(payloadJson);
if (verify)
{
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(header, ".", payload));
var keyBytes = Encoding.UTF8.GetBytes(key);
var algorithm = (string)headerData["alg"];
var signature = HashAlgorithms[GetHashAlgorithm(algorithm)](keyBytes, bytesToSign);
var decodedCrypto = Convert.ToBase64String(crypto);
var decodedSignature = Convert.ToBase64String(signature);
if (decodedCrypto != decodedSignature)
{
throw new ApplicationException(string.Format("Invalid signature. Expected {0} got {1}", decodedCrypto, decodedSignature));
}
}
return payloadData.ToString();
}
private static JwtHashAlgorithm GetHashAlgorithm(string algorithm)
{
switch (algorithm)
{
case "RS256": return JwtHashAlgorithm.RS256;
case "HS384": return JwtHashAlgorithm.HS384;
case "HS512": return JwtHashAlgorithm.HS512;
default: throw new InvalidOperationException("Algorithm not supported.");
}
}
// from JWT spec
private static string Base64UrlEncode(byte[] input)
{
var output = Convert.ToBase64String(input);
output = output.Split('=')[0]; // Remove any trailing '='s
output = output.Replace('+', '-'); // 62nd char of encoding
output = output.Replace('/', '_'); // 63rd char of encoding
return output;
}
// from JWT spec
private static byte[] Base64UrlDecode(string input)
{
var output = input;
output = output.Replace('-', '+'); // 62nd char of encoding
output = output.Replace('_', '/'); // 63rd char of encoding
switch (output.Length % 4) // Pad with trailing '='s
{
case 0: break; // No pad chars in this case
case 2: output += "=="; break; // Two pad chars
case 3: output += "="; break; // One pad char
default: throw new System.Exception("Illegal base64url string!");
}
var converted = Convert.FromBase64String(output); // Standard base64 decoder
return converted;
}
}
And then my google specific JWT class:
public class GoogleJsonWebToken
{
public static string Encode(string email, string certificateFilePath)
{
var utc0 = new DateTime(1970,1,1,0,0,0,0, DateTimeKind.Utc);
var issueTime = DateTime.Now;
var iat = (int)issueTime.Subtract(utc0).TotalSeconds;
var exp = (int)issueTime.AddMinutes(55).Subtract(utc0).TotalSeconds; // Expiration time is up to 1 hour, but lets play on safe side
var payload = new
{
iss = email,
scope = "https://www.googleapis.com/auth/gan.readonly",
aud = "https://accounts.google.com/o/oauth2/token",
exp = exp,
iat = iat
};
var certificate = new X509Certificate2(certificateFilePath, "notasecret");
var privateKey = certificate.Export(X509ContentType.Cert);
return JsonWebToken.Encode(payload, privateKey, JwtHashAlgorithm.RS256);
}
}
這篇關(guān)于C# 中是否有任何 JSON Web 令牌 (JWT) 示例?的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!