How to verify a Firebase ID token using jose in node?

I'm trying to do this following the instructions here.

Why?

I know I can use Firebase's verifySessionCookie. In fact, this is what I'm currently doing, and it works.

// Assumes Next.js (cookies from next/headers) and an initialized
// firebase-admin Auth instance named adminAuth
import { cookies } from "next/headers"

export async function getDecodedSessionCookie() {
  // Get the sessionCookie
  const sessionCookie = cookies().get("sessionCookie")
  if (sessionCookie === undefined) return null

  // Verify the cookie but don't check if the cookie has
  // been revoked; not sure if this is a security risk,
  // but it appears to add significant latency
  return (
    adminAuth
      .verifySessionCookie(sessionCookie.value, false)

      // If the cookie is verified, return the decodedClaims
      .then((decodedClaims) => {
        return decodedClaims
      })
      .catch((e) => console.log("error", e))
  )
}

But it's slow and can't be executed in Vercel's edge runtime.

What I've Tried

This topic is a bit over my head, but here's what I've tried.

import * as jose from "jose"
import { cookies } from "next/headers"

export async function getDecodedSessionCookie2() {
  // Return null if the cookie doesn't exist or it's invalid
  const sessionCookie = cookies().get("sessionCookie")
  if (sessionCookie === undefined) return null

  // Decode the header (this works)
  const header = jose.decodeProtectedHeader(sessionCookie.value)
  console.log("header", header)

  // Decode the cookie (this works)
  const sessionCookieDecoded = jose.decodeJwt(sessionCookie.value)
  console.log("sessionCookieDecoded", sessionCookieDecoded)

  // Create the remote key set 
  // (This errors with message: JSON Web Key Set malformed)
  const JWKS = jose.createRemoteJWKSet(
    new URL(
      "https://www.googleapis.com/robot/v1/metadata/x509/[email protected]"
    )
  )
  const keyset = await JWKS()
  console.log("keyset", keyset)

  // Never made it here
  const audience = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID
  const issuer = `https://securetoken.google.com/${audience}`

  // Never made it here
  const { payload, protectedHeader } = await jose.jwtVerify(
    sessionCookie.value,
    JWKS,
    {
      issuer,
      audience,
    }
  )
  console.log("protectedHeader", protectedHeader)
  console.log("payload", payload)

  // Not sure if this is needed?
  // const x509 = certificates["7cf7f8727091e4c77aa995db60743b7dd2bb70b5"]
  // const ecPublicKey = await jose.importX509(x509, algorithm)

  return sessionCookieDecoded
}

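For the most part, this is just a lot of experimentation and exploration, but I think I need to create a remote key set with createRemoteJWKSet, which is the step I can't get past.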

Additional notes

  1. Firebase tokens should have a kid in the header.
    1. In production, I see kid: lk02Aw. As far as I can tell, this does not correspond to any of the public keys.
    2. In local development with the Auth Emulator, kid does not exist.
  2. Do the public certificates change frequently?

Updates

Answers
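The following is an added example, not part of the original question or of any answer: it shows kid-based key selection followed by signature, issuer, audience and expiry checks, using Node's built-in crypto module rather than jose. It assumes the key material arrives as a map from kid to PEM (the shape the commented-out certificates[...] lookup in the question implies); verifyWithKidMap, makeSample, demo-project, kid-1, user-123 and the locally generated key pair are constructed for illustration.

```javascript
// Added example (not from the original post): pick the key by kid, then verify.
const crypto = require("crypto");

const parseB64Json = (part) =>
  JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// pemByKid: { [kid]: PEM }. createPublicKey accepts a PEM X.509 certificate
// as well as a PEM public key, so a certificate map can be passed directly.
function verifyWithKidMap(token, pemByKid, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const [h, p, s] = parts;
  const header = parseB64Json(h);
  // Pin the algorithm instead of trusting whatever the token header claims.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  // Own-property lookup only; a missing or unknown kid is a hard failure.
  const known = typeof header.kid === "string" &&
    Object.prototype.hasOwnProperty.call(pemByKid, header.kid);
  if (!known) throw new Error("unknown kid");
  const key = crypto.createPublicKey(pemByKid[header.kid]);
  const sig = Buffer.from(s, "base64url");
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error("bad signature");
  }
  // Claims are read only after the signature has been checked.
  const payload = parseB64Json(p);
  if (payload.iss !== issuer) throw new Error("bad iss");
  if (payload.aud !== audience) throw new Error("bad aud");
  if (typeof payload.exp !== "number" || payload.exp <= now) throw new Error("expired");
  return payload;
}

// Constructed sample: a locally generated key pair stands in for one map entry.
function makeSample(projectId = "demo-project") {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const issuer = `https://securetoken.google.com/${projectId}`;
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const input = enc({ alg: "RS256", kid: "kid-1" }) + "." +
    enc({ iss: issuer, aud: projectId, sub: "user-123", exp });
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  const pem = publicKey.export({ type: "spki", format: "pem" });
  return { token: `${input}.${sig}`, pemByKid: { "kid-1": pem }, issuer, audience: projectId, exp };
}
```

A token whose kid is absent from the map is rejected before any key is loaded, which is the outcome to expect when the map and the token come from different issuers or environments.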



