Firebase token verification in php


Problem description


I have a backend in php for a client in Android, I'm using the login by email/password provided by Firebase. I want to verify the token in the backend. I'm having some troubles that until now I could not fix. The first is a doubt: according to Firebase the header will contain a kid that must match with some public key provided by them in this site: https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com Well, I have done some tests and I figured out that this kid is not always the same, that means that can be any of the public keys that should match with the kid: I've tested this in the jwt.io website and all works fine but then in the php code does not work. How can I know which public key should I use if the kid is encoded and for decode it I need that public key?

The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work, this is the code that I'm using:

<?php
   require '../vendor/autoload.php';
   use \Firebase\JWT\JWT;
   $jwt = "token from the android client";
   $key = "-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIBhyg0WUm0qIwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw\nMjA3MDA0NTI2WhcNMTcwMjEwMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANgrjKWwUlWeZukViyrrLS6nOWlgQnEahP/sRlVWCC2mkWdB\n9NXsE7L8ZY9uhGNBEC8KknzpeFSJFKBVfRW7onrReCuz2RPJ5tk/7ZP2naY3mLO8\nkU/aHlIYfvcmtJzlISABCLMg5RiUY1IhQDSj8kYKVTo2JhD/plZZ85xHHJ8BpHQv\nWbvtlAJ4WqG8NstOG+LoOMr8Ayi7xsPw4AyT6iHnXcFExzvVsHs/7UBkJKF4eX8L\nocbdfs8qb9T/Bua8mRUahVj9hHntoxG0TCOpV+frxBwHw+wZgig/FRod9u5FirMC\n9tjctwaf9b5pSHMhVhPTAuqg3xwMr/Wq76lCNTkCAwEAAaM4MDYwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\nKoZIhvcNAQEFBQADggEBABcOJ8zqu+RH9UXf90O2mRMY2CjiLWowIzOX2l+2aHfm\nd9QUM4EpS+E0UbmaOsiMSkxs4rWGppWPqC8Y4dypctXtzftWNMatPZyLni4zLT/t\nKDItjmaN9QrBo1XL+TUg7fw876C4G3xGldqTNgjrQwyQI1QhnNJHpbWqkjJkixX5\ndZ45E+UVoc1uw5VlbdN4/NUKQ4OOKyvHIn5dupNFOF1xrkQmEexE7NA5dENGP07j\no2XDfaOCDKiugV6vCIsQZo9BqTRJIC/3PZFfIyvxmwm5Vq9CInGX1DKS2ToasM5H\nnc5B3AxX3+6fosel/yQZaRfyy7o/FiVdj3gIF+MPe7s=\n-----END CERTIFICATE-----\n";
   $decoded = JWT::decode($jwt, $key, array('RS256'));
   var_dump($decoded);
?>

This script is giving me some kind of error.

I will appreciate any help.

Solution

How can I know which public key should I use if the kid is encoded and for decode it I need that public key?

KID header is not encoded. It is a string value that represents an array key, which points to a valid public key. First, you have to get the public keys JSON from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com. Then, decode it to an array and use your KID to get the proper public key.

The second trouble I'm having is that I'm using the firebase/php-jwt library, and I'm following the docs provided by them to decode the token and it does not work

What is the error you are getting? Are you using the correct algorithm? Try changing RS256 to HS256.
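The kid lookup described in the answer, as an added example that is not part of the original post or of the firebase/php-jwt library: it uses PHP's openssl extension directly, keeps the algorithm pinned to RS256 (the algorithm Firebase ID tokens are signed with), and then checks exp, aud, iss and sub. The function names, `demo-project`, `demo-kid` and the throwaway key pair are constructed for illustration; in production `$keys` would be the decoded JSON from the URL above.

```php
<?php
// Added example: select the verification key by kid, verify RS256, check claims.
function b64url_decode(string $s): string {
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);   // restore stripped padding
    $out = base64_decode(strtr($s, '-_', '+/'), true);
    if ($out === false) throw new RuntimeException('bad base64url');
    return $out;
}

function verify_firebase_token(string $jwt, array $keys, string $projectId, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    // kid is a plain string in the header; it is the array key into the key map.
    $kid = $header['kid'] ?? '';
    if (!is_string($kid) || !isset($keys[$kid])) throw new RuntimeException('unknown kid');
    $ok = openssl_verify("$h64.$p64", b64url_decode($s64), $keys[$kid], OPENSSL_ALGO_SHA256);
    if ($ok !== 1) throw new RuntimeException('bad signature');
    $c = json_decode(b64url_decode($p64), true);
    if (($c['exp'] ?? 0) <= $now) throw new RuntimeException('expired');
    if (($c['aud'] ?? null) !== $projectId) throw new RuntimeException('wrong aud');
    if (($c['iss'] ?? null) !== "https://securetoken.google.com/$projectId") throw new RuntimeException('wrong iss');
    if (empty($c['sub'])) throw new RuntimeException('missing sub');
    return $c;
}

// Constructed sample data: a throwaway RSA key pair stands in for Google's key map.
// In production: $keys = json_decode(file_get_contents(<URL above>), true);
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keys = ['demo-kid' => openssl_pkey_get_details($priv)['key']];
$enc  = fn(array $a) => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$now  = time();
$msg  = $enc(['alg' => 'RS256', 'kid' => 'demo-kid', 'typ' => 'JWT']) . '.' . $enc([
    'iss' => 'https://securetoken.google.com/demo-project', 'aud' => 'demo-project',
    'sub' => 'uid-123', 'exp' => $now + 3600]);
openssl_sign($msg, $sig, $priv, OPENSSL_ALGO_SHA256);
$jwt = $msg . '.' . rtrim(strtr(base64_encode($sig), '+/', '-_'), '=');
var_dump(verify_firebase_token($jwt, $keys, 'demo-project', $now)['sub']);
```

Google rotates these keys, which is why the kid differs between tokens; refetch the key map when an unknown kid appears instead of hard-coding one certificate.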
