如何解码Python中的Firebase JWT令牌 [英] How to decode Firebase JWT token in Python
问题描述
我添加了Firebase,允许客户端直接从网络应用客户端(浏览器)进行身份验证。我使用的是
我对如何找到这个秘密感到茫然,通常验证JWT id令牌。有关 Firebase文档(第三方部分)是:
最后,确保ID令牌由与令牌的kid声明相对应的私钥
签名。从
获取公共密钥 https:/ /www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
并使用JWT库验证签名。
$ b $
$ b我试图将整个json blob从googleapis url粘贴到JWT调试器中,但仍然收到无效签名警报。我不明白如何使用该公钥。
python-jose是否适合这种方法?如果是这样,我应该用什么来保密呢?如果没有,有人可以指点我的方向吗?
谢谢。
解决方案我终于找到了我在这篇文章中找到的答案:将Python后端从Gitkit迁移到Firebase-Auth,使用python-jose进行标记验证
从发布的时间已经更新到
python-jose
包中,这样可以更好地支持firebase id令牌。这里是一些工作代码(jose版本1.3.1
)关于如何使用python解码firebase id令牌:
< pre $import urllib,json $ b $ from jose import jwt
$ b idtoken =<通过firebase身份验证传递给服务器的id令牌>
target_audience =< firebase app id>
certificate_url ='https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com'
response = urllib.urlopen (certificate_url)
certs = response.read()
certs = json.loads(certs)
如果无效则抛出错误
user = jwt.decode (idtoken,certs,algorithms ='RS256',audience = target_audience)
print user
I have added Firebase to allow clients to authenticate directly from the web app client (browser). I am using the firebase-web JS package and it works great. I can see in my browser that I receive a user object with information about the user, including an
idToken
.I need to then authenticate this user on my server backend, which is python django. In the Firebase docs I found a how-to for exactly what I am trying to do, which is to verify the id token.
Since they don't have the supported Firebase sdk for python, I need to use a third party solution. I have come to the python-jose package after finding it listed on the jwt.io site. The example looks simple enough:
jwt.decode(token, 'secret', algorithms=['RS256'])
This is my first time using JWT. I don't know what to use for the
'secret'
. I tried pasting my id token astoken
, and the web API key from the Firebase console forsecret
, but got this error:jose.exceptions.JWKError: RSA key format is not supported
I also tried the JWT debugger, which seems to be reading most of my id token correctly, but the signature verification is looking for a public and/or a private keys, which like the
'secret'
are escaping me.I am really at a loss for how to find this secret, and how to verify the JWT id token in general. The information on the Firebase docs (third-party section) is:
Finally, ensure that the ID token was signed by the private key corresponding to the token's kid claim. Grab the public key from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and use a JWT library to verify the signature. Use the value of max-age in the Cache-Control header of the response from that endpoint to know when to refresh the public keys.
I have tried pasting the whole json blob from that googleapis url into the JWT debugger, but still getting an "invalid signature" alert. I don't understand how to use that public key.
Should python-jose work for this approach? If so, what should I use for the secret? If not, can someone point me in the right direction?
Thanks.
解决方案I finally found the answer I was looking for in this post: Migrating Python backend from Gitkit to to Firebase-Auth with python-jose for token verification
Since the time of the post there have been updates made to the
python-jose
package, which gives better support for firebase id tokens. Here is some working code (jose version 1.3.1
) on how to use python to decode the firebase id token:import urllib, json from jose import jwt idtoken = "<id token passed to server from firebase auth>" target_audience = "<firebase app id>" certificate_url = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' response = urllib.urlopen(certificate_url) certs = response.read() certs = json.loads(certs) #will throw error if not valid user = jwt.decode(idtoken, certs, algorithms='RS256', audience=target_audience) print user
这篇关于如何解码Python中的Firebase JWT令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!