English 中文(简体)
我如何用 j子核实消防基地会议。
原标题:How do I verify a Firebase sessionCookie (JWT) using jose?

Setup

  1. I m following the docs here.
  2. I m using Next.js middleware which means I cannot use Firebase functions to verify my cookie. So, I m attempting to verify it with jose.
  3. The Firebase docs state

确保本届会议的表象由与象征性的 s夫索赔相应的私人钥匙签署。 查阅,并利用JWT图书馆核实签名。

What I ve tried

// middleware.js

import { NextResponse } from  next/server 
import * as jose from  jose 

export async function middleware(request) {
  // Check the cookies
  const allCookies = request.cookies.getAll()
  console.log(allCookies)

  // Get the sessionCookie (if it exists)
  const sessionCookie = request.cookies.get("sessionCookie")
  console.log("sessionCookie", sessionCookie)

  // Test verification using a hard-coded public key from 
  // https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys
  const alg =  RS256 
  const spki = `-----BEGIN CERTIFICATE-----
  MIIDHDCCAgSgAwIBAgIEIhgI5zANBgkqhkiG9w0BAQsFADAzMQ8wDQYDVQQDEwZH
  aXRraXQxEzARBgNVBAoTCkdvb2dsZSBJbmMxCzAJBgNVBAYTAlVTMB4XDTE5MDEx
  NDIzMjgzMVoXDTIwMDEwOTIzMjgzMVowMzEPMA0GA1UEAxMGR2l0a2l0MRMwEQYD
  VQQKEwpHb29nbGUgSW5jMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD
  ggEPADCCAQoCggEBAMLh7U8PNsOebb1HVLDa81W/CZK8DrdYl9Vlwj/0/GF7kfLP
  zF4qyShw1zAZddlzt7f6lDy2ZvmQ1nqW0IRy8xgYTeAb6aCLY+rm4DEnwJOCnAVo
  m1xpgcOVExsXXpleWsP0MugM5xa91Y79CYkVTevPZThgjqfGjan3GiXLQwIJTLG8
  xEXXSzmMDeW6dP6CBVPsbbTYSat6CX2nBm2YoJ4v2dij3DQBzOD/d5WLaYL4yE9p
  TjmreitFvs1r0AZF53Cq5ju7M10indVyk1zwfK+tuk7VnCZz/mBHEPxT9+Q5EWFi
  lVVkZ+2Qau0qRIvar/1QukVpyEsVHPZH+aZ9ilMCAwEAAaM4MDYwDAYDVR0TAQH/
  BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCB4AwDQYJ
  KoZIhvcNAQELBQADggEBAH4ca9fhlBd9XmaX9E0rZ8QCWT8AnxcVLY+S+nHJg2IT
  dj7ZytNJWttKEssOdslrQyamxt2SdQSfpd2UpA+fCO2sRSJOBEA3squGrj1yh1Pt
  lajf2TM1MwpdO7ZqBbfE3hLH7srBbVXHxKsUemepxviC+dpF0u4o3EjqHpAvkruO
  4RtC4grbFBNRIbBTu7oJHpKnBJWxK7w11a5Sabs6reAuFh68QaVAQzrscYP/M4i9
  SPwArWKoCJgrxxVof1N1cal4UpziEH9OaWa7RfyZTYAeEJ/atDo5s8AACPUH542f
  JEwmwAJKbJKLRoFYJJXCPeKp1Q7EXQHJNNdS2ABjw+w=
  -----END CERTIFICATE-----`

  const publicKey = await jose.importSPKI(spki, alg)
  const { payload, protectedHeader } = await jose.jwtVerify(sessionCookie.value, publicKey)
  
  console.log(protectedHeader)
  console.log(payload)
}

造成错误

“空白”必须是SPKI格式的扼制错误

Questions

  1. 我如何做这项工作?

  2. 为什么。 不是提供一种,而是提供五个不同的公共钥匙?

  3. 每个公共钥匙似乎都有独特的(关键、价值)乳制品。 例如

    "skIBNg": "-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIB...vb2dsZSBJbmMxCzAJBgNVBAYTA.f+9Vg=
-----END CERTIFICATE-----
"

    keyskIBNg>? 目前没有使用。

问题回答

暂无回答


上一篇:
下一篇:


相关问题
• 如何关闭卢布特弗雷的分部?

我设立了一个新的账户,以便能够更好地管理我在消防基地的项目,但我已开始使用一个不同的账户来开会,我如何能够在......时结束这一账户的欺骗。

时间:2023-06-04 02:39:25 回答:0 展示:1
How to write to second tree in Firebase Realtime Database

I have a Firebase Realtime Database and I want to write to it, that s simple enough, but I have added more than one tree to my Database and want to know how to write to the second tree. Right now I ...

时间:2023-05-26 14:18:28 回答:0 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全