Generating JWT tokens
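Can anyone give me an example of generating a JWT token with the three headers given as (alg, kid, typ), in the format:
{
  "alg": "RS256",
  "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910",
  "typ": "JWT"
}
as described under https://developer.8x8.com/jaas/docs/api-keys-jwt.
JWT tokens expire within a time limit of a few hours, so I am trying to find a way to generate the token in my code itself.
In the end, my JavaScript looks like this, where I add the JWT token to the options list for authentication.
var options = {
  roomName: "vpaas-magic-cookie-secretKey/Room123",
  jwt: 'JWTTOKEN',
  // ...
};
From what I read at https://jwt.io/, I need the encoded key from the decoded details. Based on the generated token, I think it uses the HS256 algorithm. What are the steps to do this in JavaScript?
EDIT: After the user's answer, I made some changes to his code, and I am currently generating half of the JWT token. I am checking it against the token already generated on the server - Jaas.8x8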
<script>
const HMACSHA256 = (stringToSign, secret) => "not_implemented"
// The header typically consists of two parts:
// the type of the token, which is JWT, and the signing algorithm being used,
// such as HMAC SHA256 or RSA.
const header = {
"kid": "vpaas-magic-cookie-07fabede3674457a84c95fsecretcode/myroom001",
"alg": "RS256",
"typ": "JWT"
}
const encodedHeaders = btoa(JSON.stringify(header))
// create the signature part you have to take the encoded header,
// the encoded payload, a secret, the algorithm specified in the header,
// and sign that.
const signature = HMACSHA256(`${encodedHeaders}`, "mysecret")
console.log(`${encodedHeaders}.${signature}`)
</script>
The token generated from the code is
eyJraWQiOiJ2cGFhcy1tYWdpYy1jb29raWUtMDdmYWJlZGUzNjc0NDU3YTg0Yzk1ZmE4MGIxNGY1ZDcvVGVzdFJhdW0wMDEiLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.not_implemented
while the token already generated online is:
eyJraWQiOiJ2cGFhcy1tYWdpYy1jb29raWUtMDdmYWJlZGUzNjc0NDU3YTg0Yzk1ZmE4MGIxNGY1ZDcvMTg1ZDY2LVNBTVBMRV9BUFAiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJqaXRzaSIsImV4cCI6MTYyMDM4ODU3NiwibmJmIjoxNjIwMzgxMzcxLCJpc3MiOiJjaGF0Iiwicm9vbSI6IioiLCJzdWIiOiJ2cGFhcy1tYWdpYy1jb29raWUtMDdmYWJlZGUzNjc0NDU3YTg0Yzk1ZmE4MGIxNGY1ZDciLCJjb250ZXh0Ijp7ImZlYXR1cmVzIjp7ImxpdmVzdHJlYW1pbmciOmZhbHNlLCJvdXRib3VuZC1jYWxsIjpmYWxzZSwidHJhbnNjcmlwdGlvbiI6ZmFsc2UsInJlY29yZGluZyI6ZmFsc2V9LCJ1c2VyIjp7Im1vZGVyYXRvciI6dHJ1ZSwibmFtZSI6IlRlc3QgVXNlciIsImlkIjoiYXV0aDB8NjA5M2EyYzM3Zjc3MGEwMDcxMGE5YzY5IiwiYXZhdGFyIjoiIiwiZW1haWwiOiJ0ZXN0LnVzZXJAY29tcGFueS5jb20ifX19.aNqg_VLXyafH8Se5rThe6TLz0F2AEnJSmuoZBQ4fXEm1PMx4SBRpelJsrmL76D_jKS5NT-GkuPDVcDgLv6nx9G4ywjws1AH4Lkt0FcJ3eH2OjbFI2WxPzJF_tDJbtPme5LJmGZwEa509v2QD0r-kr31M7FZ83S-kz3O1xKc33FnMJwNlqvgCSN2S0QwF6R5J01zDk41gCk0wGr3DXAmlz0FtCU0qJ5nN9iMUpr5QUY1D-hRApWMhoLPmxkuqnQKLjGwgxU8lh33wq_Laqu7qV57lYrI27er_c42YePwuitWEAAshQU4Ylf2v8sVRv06kQdFPVvICVdsTTI-DLbc3aQ
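So basically the first few strings are correct, but the rest is not generated. I think it has something to do with mysecret? What exactly is this?
All the instructions are written on this page: https://jwt.io/introduction.
For simplicity, I did not implement HMACSHA256 or use a library to do it. You need to implement this function.
- If you want to do this from the browser, which doesn't make much sense, see How to get HMAC with Crypto Web API.
- If you want to do it from Node (the backend), which makes more sense, you can look at this: https://www.nodejsera.com/snippets/nodejs/sha256-hmac.html.
I also think your header is invalid according to the spec. The kid attribute should probably go in the payload.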
// Placeholder: replace with a real HMAC-SHA256 implementation or library call.
const HMACSHA256 = (stringToSign, secret) => "not_implemented"
// JWT segments are base64url without padding, which plain btoa() does not produce.
const base64url = (str) => btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "")
// The header typically consists of two parts:
// the type of the token, which is JWT, and the signing algorithm being used,
// such as HMAC SHA256 or RSA.
const header = {
  "alg": "HS256",
  "typ": "JWT",
  "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
}
const encodedHeaders = base64url(JSON.stringify(header))
// The second part of the token is the payload, which contains the claims.
// Claims are statements about an entity (typically, the user) and
// additional data. There are three types of claims:
// registered, public, and private claims.
const claims = {
  "role": "admin"
}
const encodedPayload = base64url(JSON.stringify(claims))
// create the signature part you have to take the encoded header,
// the encoded payload, a secret, the algorithm specified in the header,
// and sign that.
const signature = HMACSHA256(`${encodedHeaders}.${encodedPayload}`, "mysecret")
const encodedSignature = base64url(signature)
const jwt = `${encodedHeaders}.${encodedPayload}.${encodedSignature}`
console.log({jwt})
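The header in the question asks for RS256, which is an RSA signature made with a private key rather than an HMAC over a shared secret. The following is an added example (not from the original post, the answer, or 8x8) that signs and verifies such a token in Node.js with the built-in crypto module. Assumptions: the key pair is generated on the fly for the demo, the claim names follow the sample token quoted in the question, and using the kid prefix as sub is an assumption.

```javascript
// Added example: RS256 JWT signing and verification with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<payload>", private key only.
function signRs256Jwt(header, claims, privateKeyPem) {
  if (header.alg !== 'RS256') throw new Error('this signer only produces RS256');
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Verifier pins the algorithm instead of trusting the header, then checks exp/nbf.
function verifyRs256Jwt(token, publicKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (header.alg !== 'RS256') return null;
  const sig = Buffer.from(s, 'base64url');
  if (!nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKeyPem, sig)) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  if (typeof claims.nbf === 'number' && claims.nbf > nowSec) return null;
  return claims;
}

// Demo with a constructed key pair; a real service keeps its private key server-side.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const kid = 'vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910'; // from the page
  const now = Math.floor(Date.now() / 1000);
  // Claim names follow the sample token; sub = kid prefix is an assumption.
  const claims = { aud: 'jitsi', iss: 'chat', sub: kid.split('/')[0], room: '*', nbf: now - 10, exp: now + 3600 };
  const token = signRs256Jwt({ alg: 'RS256', kid, typ: 'JWT' }, claims, privateKey);
  const forgedPayload = b64url(JSON.stringify({ ...claims, room: 'other' }));
  const tampered = token.replace(/\.[^.]+\./, `.${forgedPayload}.`);
  return { token, publicKey, valid: verifyRs256Jwt(token, publicKey), tampered: verifyRs256Jwt(tampered, publicKey) };
}
```

Because the private key signs the token, this belongs on the backend; the browser should only receive the finished token to place in the `jwt` option.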