使用Deno进行JWT身份验证 [英] JWT authentication with Deno

问题描述

如何在Deno中创建和验证JSON Web令牌?

How to create and validate JSON Web Token in Deno?

我不是Deno运行时的新手，因此在Deno中使用JWT入门示例会很有帮助.

I am new to the Deno runtime, so it would be helpful to have a sample to get started with JWT in Deno.

推荐答案

下面是一个简短的演示，它演示了如何创建具有 HS256 签名的JWT，以及如何对其进行验证并提取有效载荷.

Here is a short demonstration that shows how to create a JWT with a HS256 signature and how to verify it and extract the payload.

jwtdemo.ts (基于 djwt的1.9版):

import { verify, create, Header, Payload, getNumericDate } from "https://deno.land/x/djwt@v1.9/mod.ts"

var key = "secret-key";

const algorithm = "HS256"

const header: Header = {
  alg: algorithm,
  typ: "JWT",
  "custom-key":"custom-value"
};

const payload: Payload = {
  iss: "deno-demo",
  exp: getNumericDate(300)  // 300 seconds = 5 minutes from now on
  //exp: getNumericDate(new Date("2020-11-02T19:00:00.000Z"))   // or set a certain date and time
};


const jwt = await create(header, payload, key)
console.log(jwt);

//key = "wrong-key" // this will let the verification fail

try {
    const payload = await verify(jwt,  key, algorithm)
    console.log(payload)
}
catch(ex) {

    console.log(ex.message)
}

帮助程序方法 getNumericDate(exp)自动设置正确的Unix时间戳，并将作为参数给出的秒数添加到当前时间或直接使用给定的date参数.

The helper method getNumericDate(exp) automatically sets a correct unix timestamp and adds the number of seconds given as an argument to the current time or uses the given date argument directly.

您可以直接运行上面的演示，所有导入的模块将自动下载:

You can run the above demo directly and all imported modules will be downloaded automatically:

deno run jwtdemo.ts

结果是:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN1c3RvbS1rZXkiOiJjdXN0b20tdmFsdWUifQ.eyJpc3MiOiJkZW5vLWRlbW8iLCJleHAiOjE2MDQzNDI2NDR9.6dbloI7z6M40JSw5JPE_F19SWYaY4sALQ48mxUir8DM
{ iss: "deno-demo", exp: 1604342644 }

或者，如果签名错误:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN1c3RvbS1rZXkiOiJjdXN0b20tdmFsdWUifQ.eyJpc3MiOiJkZW5vLWRlbW8iLCJleHAiOjE2MDQzNDI2MzN9.XUUSZRsZp0sFdu8RBmzFcOZMXc9ZguA8tPy8n0hI7l4
The jwt's signature does not match the verification signature.

在node.js中创建JWT的显着区别是，我们在此处具有预定义的接口 Header 和 Payload ，而不是简单的JSON并检查值.

A notable difference to JWT creation in node.js is, that we have predefined interfaces Header and Payload here instead of simple JSON and values are checked.

当我设置

const algorithm = "XS256"   // instead of "HS256"

对算法的检查将失败，并且程序无法启动:

the check of the algorithm will fail and the program doesn't start:

Check file:///C:/Users/jps/source/deno/jwtdemoV19.ts
error: TS2322 [ERROR]: Type '"XS256"' is not assignable to type 'Algorithm'.
  alg: algorithm,
  ~~~
    at file:///C:/Users/jps/source/deno/jwtdemoV19.ts:8:3

    The expected type comes from property 'alg' which is declared here on type 'Header'
      alg: Algorithm;
      ~~~
        at https://deno.land/x/djwt@v1.9/mod.ts:36:3

TS2345 [ERROR]: Argument of type '"XS256"' is not assignable to parameter of type 'AlgorithmInput'.
        const payload = await verify(jwt,  key, algorithm)
                                                ~~~~~~~~~
    at file:///C:/Users/jps/source/deno/jwtdemoV19.ts:26:42

Found 2 errors.

该示例代码使用 djwt 版本1.9，该版本当前支持 HS256 ， HS512 和 RS256 签名算法.将来会根据deno加密模块支持的可用性而增加更多算法.

The sample code utilises djwt version 1.9, which currently supports HS256, HS512 and RS256 signature algorithms. More algorithms will be added in future, depending on the availability of support in the deno crypto modules.

阅读此答案我看看如何验证RS256签名令牌.

Read this answer I to see how to verify a RS256 signed token.

注意:此答案已被重写，以涵盖1.9版中djwt api的重大更改.旧版本基于djwt v1.7

Note: This answer has been rewritten to cover the breaking changes of the djwt api in version 1.9. The old version of this post was based on djwt v1.7

这篇关于使用Deno进行JWT身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！