-3

我正在尝试进行后端苹果登录,它看起来工作良好,直到jwk = JWT::JWK.import(keyHash)它总是返回错误无效 base64 的行。我正在使用 gem jwt 版本 2.2.1 和 Ruby 2.2.4

begin
  header_segment = JSON.parse(Base64.decode64(jwt.split(".").first))
  alg = header_segment["alg"]
  kid = header_segment["kid"]

  apple_response = Net::HTTP.get(URI.parse(GET_PK_APPLE_URL))
  apple_certificate = JSON.parse(apple_response)

  keyHash = ActiveSupport::HashWithIndifferentAccess.new(apple_certificate["keys"].select {|key| key["kid"] == kid}[0])

  jwk = JWT::JWK.import(keyHash)

  token_data = JWT.decode(jwt, jwk.public_key, true, {algorithm: alg})[0]

  if token_data.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"]
    puts "Name: " + name + " is validated."
    login_or_create_user('apple')
  else
    render_error
  end
rescue StandardError => e
  render_error
end
4

1 回答 1

0

我发现了问题,jwt gem 有一个 openssl 依赖项,而 openssl 需要一个来自 Ruby 的更实际的版本,由于其他原因我现在无法更改我的 Ruby 版本,所以我需要更改我的代码以在不使用的情况下获取 JWK `` `JWT::JWK.import(keyHash)```。我还需要使用 UrlSafeBase64 gem。

begin      
  header_segment = JSON.parse(Base64.decode64(jwt.split(".").first))
  alg = header_segment["alg"]
  kid = header_segment["kid"]

  apple_response = Net::HTTP.get(URI.parse(LOGIN_APPLE_URL))
  apple_certificate = JSON.parse(apple_response)

  keyHash = ActiveSupport::HashWithIndifferentAccess.new(apple_certificate["keys"].select {|key| key["kid"] == kid}[0])      
  key = OpenSSL::PKey::RSA.new
  key.e = OpenSSL::BN.new(UrlSafeBase64.decode64(keyHash["e"]), 2)
  key.n = OpenSSL::BN.new(UrlSafeBase64.decode64(keyHash["n"]), 2)
                  
  token_data = JWT.decode(jwt, key, true, {algorithm: alg})[0]
  
  if token_data.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"]        
    login_or_create_user('apple')
  else
    render_error
  end
rescue StandardError => e
  render_error
end
于 2020-07-28T00:03:45.507 回答