为什么jwt.io网站出现验证令牌的错误？

发布于 2025-02-12 08:04:45 字数 321 浏览 0 评论 0原文

我从Microsoft Identity平台获得了访问令牌，并尝试使用JWT.IO网站验证其签名（以了解验证过程）。事实是，当我将此访问令牌粘贴到JWT.IO网站上并在«＆nbsp; public键'»上粘贴公共密钥box，jwt.io仍在返回错误，表明签名无效。我使用的公共密钥由Microsoft Identity使用«＆nbsp; kid»»提供。宣称。更确切地说，我将公开密钥与«＆nbsp; - - 开始证书 - - ＆nbsp;»包裹起来。和«＆nbsp; - End证书 - - »并将其全部粘贴到公共密钥框中。（顺便说一句，在私钥盒上，我什么也没放）我在做什么错？感谢您的所有帮助。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦亿 2025-02-19 08:04:45

这是从我的Azure AD开发帐户中与之相比的工作手册JWT验证。希望这使您能够解决自己的问题，并且还突出了许多API安全库的步骤：

JWT访问令牌

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSJ9.eyJhdWQiOiJjYjM5OGI0My05NmU4LTQ4ZTYtOGU4ZS1iMTY4ZDU4MTZjMGUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vN2YwNzFmYmMtOGJmMi00ZTYxLWJiNDgtZGFiZDhlMmY1YjVhL3YyLjAiLCJpYXQiOjE2NTY4NjQxOTIsIm5iZiI6MTY1Njg2NDE5MiwiZXhwIjoxNjU2ODY4NjEzLCJhaW8iOiJBVFFBeS84VEFBQUFaVE9ydkw3K0tVQXdlOWlVSVdTdEdSdlhibVJqdFpKVUlnWjQyL1NWSE5rZ041d25hRjJQaDV3M0g1bnJzeVpFIiwiYXpwIjoiYzVlYTZkNzgtYzYzNy00ZjdmLWIyMzgtMjI2NGY1ZDRiNDc5IiwiYXpwYWNyIjoiMCIsImVtYWlsIjoiZ3Vlc3R1c2VyQG15Y29tcGFueS5jb20iLCJuYW1lIjoiR3Vlc3RVc2VyIiwib2lkIjoiMTUxYTI1NjQtMmFjMy00ZTY3LThiMzEtYmZhYjdjZjgxZDVlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZ3Vlc3R1c2VyQGdhcnlhcmNoZXIzNmdtYWlsLm9ubWljcm9zb2Z0LmNvbSIsInJoIjoiMC5BU0VBdkI4SGZfS0xZVTY3U05xOWppOWJXa09MT2N2b2x1WklqbzZ4YU5XQmJBNGhBUGsuIiwic2NwIjoic2NvcGUyIHRyYW5zYWN0aW9uc19yZWFkIiwic3ViIjoiaUhBWVNJdHN3cHh4aE5RSHA4TFptSlRYcEt3S2tyWEZDY1VKOW5BRHlMNCIsInRpZCI6IjdmMDcxZmJjLThiZjItNGU2MS1iYjQ4LWRhYmQ4ZTJmNWI1YSIsInV0aSI6IkYtNk0zejlQTWtpRVFPZnd1c2ZJQUEiLCJ2ZXIiOiIyLjAifQ.El2_6XP_MxILKvEif2gKR6XS2sRPLFr2oZHBA9VdRS-l_iWGSO3JhqwK26WvAqsYVDL3mKfubUUjh5r0vKuWDwpciWSTLey3ptPAm1ApeQF4C3xBIpvLQDQI3vO7bzs0Xd4du5AOc0c513NSVshr9DqdVJY_sSiwyBVQx0qliWeqiKIwi5B7NnUJji680ZYOvoPTCYBtKwnKQRpaqOh9P1KxghFafkEcVb-_wVGpjwMi-iMKpM1QWDgfsjCJIRueW_s-KE6jS7pEeYJFGt0epft548ek0gdThF_2apAEiLGUsy65Ucu8n6OQZVXFcRMw6dHx5v4zA3CBeSiVACpeqQ

jwt Header的儿童价值

2ZQPJ3UPBJAXYXYXYXYXYGAXEJL8L8L8L8LV0TOI

JWKS URI JWKS URI JWKS URI <> /strong>

从这里下载包含令牌签名公共键的JSON Web Keyset：

https://login.microsoftonline.com/7f071fbc-8bf2-4e61-bb48-dabd8e2f5b5a/discovery/discovery/v2.0/keys/keys 是匹配kid的密钥集中的项目JWT标头的字段。您可以将此JSON粘贴到JWT.IO的公共密钥文本字段中，JWT将通过验证：

{
      "kty": "RSA",
      "use": "sig",
      "kid": "2ZQpJ3UpbjAYXYGaXEJl8lV0TOI",
      "x5t": "2ZQpJ3UpbjAYXYGaXEJl8lV0TOI",
      "n": "wEMMJtj9yMQd8QS6Vnm538K5GN1Pr_I31_LUl9-OCYu-9_DrDvPGjViQK9kOiCjBfyqoAL-pBecn9-XXaS-C4xZTn1ZRw--GELabuo0u-U6r3TKj42xFDEP-_R5RpOGshoC95lrKiU5teuhn4fBM3XfR2GB0dVMcpzN3h4-0OMvBK__Zr9tkQCU_KzXTbNCjyA7ybtbr83NF9k3KjpTyOyY2S-qvFbY-AoqMhL9Rp8r2HBj_vrsr6RX6GeiSxxjbEzDFA2VIcSKbSHvbNBEeW2KjLXkz6QG2LjKz5XsYLp6kv_-k9lPQBy_V7Ci4ZkhAN-6j1S1Kcq58aLbp0wDNKQ",
      "e": "AQAB",
      "x5c": [
        "MIIDBTCCAe2gAwIBAgIQH4FlYNA+UJlF0G3vy9ZrhTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIyMDUyMjIwMDI0OVoXDTI3MDUyMjIwMDI0OVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBDDCbY/cjEHfEEulZ5ud/CuRjdT6/yN9fy1JffjgmLvvfw6w7zxo1YkCvZDogowX8qqAC/qQXnJ/fl12kvguMWU59WUcPvhhC2m7qNLvlOq90yo+NsRQxD/v0eUaThrIaAveZayolObXroZ+HwTN130dhgdHVTHKczd4ePtDjLwSv/2a/bZEAlPys102zQo8gO8m7W6/NzRfZNyo6U8jsmNkvqrxW2PgKKjIS/UafK9hwY/767K+kV+hnokscY2xMwxQNlSHEim0h72zQRHltioy15M+kBti4ys+V7GC6epL//pPZT0Acv1ewouGZIQDfuo9UtSnKufGi26dMAzSkCAwEAAaMhMB8wHQYDVR0OBBYEFLFr+sjUQ+IdzGh3eaDkzue2qkTZMA0GCSqGSIb3DQEBCwUAA4IBAQCiVN2A6ErzBinGYafC7vFv5u1QD6nbvY32A8KycJwKWy1sa83CbLFbFi92SGkKyPZqMzVyQcF5aaRZpkPGqjhzM+iEfsR2RIf+/noZBlR/esINfBhk4oBruj7SY+kPjYzV03NeY0cfO4JEf6kXpCqRCgp9VDRM44GD8mUV/ooN+XZVFIWs5Gai8FGZX9H8ZSgkIKbxMbVOhisMqNhhp5U3fT7VPsl94rilJ8gKXP/KBbpldrfmOAdVDgUC+MHw3sSXSt+VnorB4DU4mUQLcMriQmbXdQc8d1HUZYZEkcKaSgbygHLtByOJF44XUsBotsTfZ4i/zVjnYcjgUQmwmAWD"
      ],
      "issuer": "https://login.microsoftonline.com/7f071fbc-8bf2-4e61-bb48-dabd8e2f5b5a/v2.0"
}

令牌签名公共密钥（PEM格式）

您可以使用a jwk to pem converter 转换JWK到PEM格式。您可以将此证书文本粘贴到JWT.IO的公共密钥文本字段中，JWT也将通过验证：

Here is a working manual JWT validation to compare against, from my Azure AD development account. Hopefully this enables you to solve your own problem, and also highlights the steps many API security libraries follow:

JWT ACCESS TOKEN

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSJ9.eyJhdWQiOiJjYjM5OGI0My05NmU4LTQ4ZTYtOGU4ZS1iMTY4ZDU4MTZjMGUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vN2YwNzFmYmMtOGJmMi00ZTYxLWJiNDgtZGFiZDhlMmY1YjVhL3YyLjAiLCJpYXQiOjE2NTY4NjQxOTIsIm5iZiI6MTY1Njg2NDE5MiwiZXhwIjoxNjU2ODY4NjEzLCJhaW8iOiJBVFFBeS84VEFBQUFaVE9ydkw3K0tVQXdlOWlVSVdTdEdSdlhibVJqdFpKVUlnWjQyL1NWSE5rZ041d25hRjJQaDV3M0g1bnJzeVpFIiwiYXpwIjoiYzVlYTZkNzgtYzYzNy00ZjdmLWIyMzgtMjI2NGY1ZDRiNDc5IiwiYXpwYWNyIjoiMCIsImVtYWlsIjoiZ3Vlc3R1c2VyQG15Y29tcGFueS5jb20iLCJuYW1lIjoiR3Vlc3RVc2VyIiwib2lkIjoiMTUxYTI1NjQtMmFjMy00ZTY3LThiMzEtYmZhYjdjZjgxZDVlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZ3Vlc3R1c2VyQGdhcnlhcmNoZXIzNmdtYWlsLm9ubWljcm9zb2Z0LmNvbSIsInJoIjoiMC5BU0VBdkI4SGZfS0xZVTY3U05xOWppOWJXa09MT2N2b2x1WklqbzZ4YU5XQmJBNGhBUGsuIiwic2NwIjoic2NvcGUyIHRyYW5zYWN0aW9uc19yZWFkIiwic3ViIjoiaUhBWVNJdHN3cHh4aE5RSHA4TFptSlRYcEt3S2tyWEZDY1VKOW5BRHlMNCIsInRpZCI6IjdmMDcxZmJjLThiZjItNGU2MS1iYjQ4LWRhYmQ4ZTJmNWI1YSIsInV0aSI6IkYtNk0zejlQTWtpRVFPZnd1c2ZJQUEiLCJ2ZXIiOiIyLjAifQ.El2_6XP_MxILKvEif2gKR6XS2sRPLFr2oZHBA9VdRS-l_iWGSO3JhqwK26WvAqsYVDL3mKfubUUjh5r0vKuWDwpciWSTLey3ptPAm1ApeQF4C3xBIpvLQDQI3vO7bzs0Xd4du5AOc0c513NSVshr9DqdVJY_sSiwyBVQx0qliWeqiKIwi5B7NnUJji680ZYOvoPTCYBtKwnKQRpaqOh9P1KxghFafkEcVb-_wVGpjwMi-iMKpM1QWDgfsjCJIRueW_s-KE6jS7pEeYJFGt0epft548ek0gdThF_2apAEiLGUsy65Ucu8n6OQZVXFcRMw6dHx5v4zA3CBeSiVACpeqQ

KID VALUE FROM JWT HEADER

2ZQpJ3UpbjAYXYGaXEJl8lV0TOI

JWKS URI

The JSON Web Keyset containing token signing public keys is downloaded from here:

https://login.microsoftonline.com/7f071fbc-8bf2-4e61-bb48-dabd8e2f5b5a/discovery/v2.0/keys

TOKEN SIGNING PUBLIC KEY (JWK FORMAT)

This is the item in the keyset that matches the kid field from the JWT header. You can paste this JSON into the public key text field in jwt.io and the JWT will pass validation:

{
      "kty": "RSA",
      "use": "sig",
      "kid": "2ZQpJ3UpbjAYXYGaXEJl8lV0TOI",
      "x5t": "2ZQpJ3UpbjAYXYGaXEJl8lV0TOI",
      "n": "wEMMJtj9yMQd8QS6Vnm538K5GN1Pr_I31_LUl9-OCYu-9_DrDvPGjViQK9kOiCjBfyqoAL-pBecn9-XXaS-C4xZTn1ZRw--GELabuo0u-U6r3TKj42xFDEP-_R5RpOGshoC95lrKiU5teuhn4fBM3XfR2GB0dVMcpzN3h4-0OMvBK__Zr9tkQCU_KzXTbNCjyA7ybtbr83NF9k3KjpTyOyY2S-qvFbY-AoqMhL9Rp8r2HBj_vrsr6RX6GeiSxxjbEzDFA2VIcSKbSHvbNBEeW2KjLXkz6QG2LjKz5XsYLp6kv_-k9lPQBy_V7Ci4ZkhAN-6j1S1Kcq58aLbp0wDNKQ",
      "e": "AQAB",
      "x5c": [
        "MIIDBTCCAe2gAwIBAgIQH4FlYNA+UJlF0G3vy9ZrhTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIyMDUyMjIwMDI0OVoXDTI3MDUyMjIwMDI0OVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBDDCbY/cjEHfEEulZ5ud/CuRjdT6/yN9fy1JffjgmLvvfw6w7zxo1YkCvZDogowX8qqAC/qQXnJ/fl12kvguMWU59WUcPvhhC2m7qNLvlOq90yo+NsRQxD/v0eUaThrIaAveZayolObXroZ+HwTN130dhgdHVTHKczd4ePtDjLwSv/2a/bZEAlPys102zQo8gO8m7W6/NzRfZNyo6U8jsmNkvqrxW2PgKKjIS/UafK9hwY/767K+kV+hnokscY2xMwxQNlSHEim0h72zQRHltioy15M+kBti4ys+V7GC6epL//pPZT0Acv1ewouGZIQDfuo9UtSnKufGi26dMAzSkCAwEAAaMhMB8wHQYDVR0OBBYEFLFr+sjUQ+IdzGh3eaDkzue2qkTZMA0GCSqGSIb3DQEBCwUAA4IBAQCiVN2A6ErzBinGYafC7vFv5u1QD6nbvY32A8KycJwKWy1sa83CbLFbFi92SGkKyPZqMzVyQcF5aaRZpkPGqjhzM+iEfsR2RIf+/noZBlR/esINfBhk4oBruj7SY+kPjYzV03NeY0cfO4JEf6kXpCqRCgp9VDRM44GD8mUV/ooN+XZVFIWs5Gai8FGZX9H8ZSgkIKbxMbVOhisMqNhhp5U3fT7VPsl94rilJ8gKXP/KBbpldrfmOAdVDgUC+MHw3sSXSt+VnorB4DU4mUQLcMriQmbXdQc8d1HUZYZEkcKaSgbygHLtByOJF44XUsBotsTfZ4i/zVjnYcjgUQmwmAWD"
      ],
      "issuer": "https://login.microsoftonline.com/7f071fbc-8bf2-4e61-bb48-dabd8e2f5b5a/v2.0"
}

TOKEN SIGNING PUBLIC KEY (PEM FORMAT)

You can use a JWK to PEM converter to convert the JWK to PEM format. You can paste this certificate text into the public key text field in jwt.io and the JWT will also pass validation:

回复收藏 0 原文