我有一个 SPA 应用程序。每个客户端请求都包含Authorization: Bearer <access_token>从 google 检索到的https://developers.google.com/identity/protocols/OpenIDConnect(google创建 JWT 令牌)
验证端点(顺便说一下graphQL)时@jwt_required出现错误The specified alg value is not allowed
我尝试按照此处的状态调整配置选项,但没有运气。(基本上设置or到 RS256 但然后我得到要么JWT_ALGORITHMJWT_PUBLIC_KEYJWT_PUBLIC_KEY must be set to use asymmetric cryptography algorithm "RS256"Could not deserialize key data.
这里智威汤逊谷歌形状:
标题:
"alg": "RS256",
"kid": "",
"typ": "JWT"
}
身体:
{
"iss": "https://accounts.google.com",
"azp": "some.apps.googleusercontent.com",
"aud": "some.apps.googleusercontent.com",
"sub": "some_uuid",
"email": "email@test.com",
"email_verified": true,
"at_hash": "",
"name": "use_full_name",
"picture": "https://lh3.googleusercontent.com/a-/some",
"given_name": "user_name",
"family_name": "last_name",
"locale": "en",
"iat": 1572189191,
"exp": 1572192791
}
任何帮助表示赞赏!(尽管继续努力)