Google 的 OpenIDConnect return 无法解析的 Base64 令牌
Google's OpenIDConnect return a Base64 token that cannot be parsed
作为理解 OpenIDConnect 的练习,我正在尝试 authenticate in my web app with Google following this guide。
问题是我无法读取 Google 发送到我的应用程序的令牌>
var bytes = Convert.FromBase64String(codeEx.Id_token);
var token = Encoding.ASCII.GetString(bytes);
第一行失败:"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters."
文档指出:"An ID token is a cryptographically signed JSON object encoded in base 64. "
出于显而易见的原因,我不能将令牌放在这里。我试过:
- The input is not a valid Base-64 string as it contains a non-base 64 character
- 添加“=”直到长度是 4 的倍数。
- 一起。
我得到代码交换响应,并用 NewtonSoft.Json 库反序列化它:
var http = new HttpClient(handler);
HttpResponseMessage result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
if (json.Property("error") != null)
throw new Exception(json.Property("error").Value.ToString() + ":" + json.Property("error_description").Value.ToString());
var codeEx = json.ToObject<CodeExchangeResponse>();
我不知道编码是否存在任何潜在问题。我可以在令牌中看到几个'-'和'_'。
知道如何读取令牌吗?
来自this post:
“id_token” is encoded in a format called JSON Web Token (JWT). JWT is
the concatenation of “header”, “body”, “signature” by periods (.).
因此您需要在 . 上拆分 id_token 并仅解码第二段:
var http = new HttpClient(handler);
var result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
var token = Convert.FromBase64String(json.id_token.split('.')[1]);
在令牌的紧凑表示反序列化后使用 base64url 解码(而不是普通的 base64),如:
var http = new HttpClient(handler);
var result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
var payload = json.id_token.split('.')[1];
payload = payload.Replace('-', '+').Replace('_', '/');
var base64 = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
var token = Convert.FromBase64String(base64);
作为理解 OpenIDConnect 的练习,我正在尝试 authenticate in my web app with Google following this guide。
问题是我无法读取 Google 发送到我的应用程序的令牌>
var bytes = Convert.FromBase64String(codeEx.Id_token);
var token = Encoding.ASCII.GetString(bytes);
第一行失败:"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters."
文档指出:"An ID token is a cryptographically signed JSON object encoded in base 64. "
出于显而易见的原因,我不能将令牌放在这里。我试过:
- The input is not a valid Base-64 string as it contains a non-base 64 character
- 添加“=”直到长度是 4 的倍数。
- 一起。
我得到代码交换响应,并用 NewtonSoft.Json 库反序列化它:
var http = new HttpClient(handler);
HttpResponseMessage result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
if (json.Property("error") != null)
throw new Exception(json.Property("error").Value.ToString() + ":" + json.Property("error_description").Value.ToString());
var codeEx = json.ToObject<CodeExchangeResponse>();
我不知道编码是否存在任何潜在问题。我可以在令牌中看到几个'-'和'_'。
知道如何读取令牌吗?
来自this post:
“id_token” is encoded in a format called JSON Web Token (JWT). JWT is the concatenation of “header”, “body”, “signature” by periods (.).
因此您需要在 . 上拆分 id_token 并仅解码第二段:
var http = new HttpClient(handler);
var result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
var token = Convert.FromBase64String(json.id_token.split('.')[1]);
在令牌的紧凑表示反序列化后使用 base64url 解码(而不是普通的 base64),如:
var http = new HttpClient(handler);
var result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
var payload = json.id_token.split('.')[1];
payload = payload.Replace('-', '+').Replace('_', '/');
var base64 = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
var token = Convert.FromBase64String(base64);