Validating Azure OAuth tokens in Node.js
I want to validate OAuth JWT tokens that Azure issues to a React application. After some research, this is how I understand it should be implemented:

import jwt, { Algorithm } from 'jsonwebtoken';
import jwksClient from 'jwks-rsa';
import { promisify } from 'util';

// Tenant and client IDs come from configuration (assumed here to be environment variables).
const TENANT_ID = process.env.AZURE_TENANT_ID;
const CLIENT_ID = process.env.AZURE_CLIENT_ID;

// Resolves the public key for the kid in the token header from the tenant's JWKS endpoint.
const getSigningKeys: jwt.GetPublicKeyOrSecret = (header, callback) => {
  const _client = jwksClient({
    jwksUri: `https://login.microsoftonline.com/${TENANT_ID}/discovery/v2.0/keys`,
  });
  _client.getSigningKey(header.kid, (err: any, key: any) => {
    const signingKey = key?.publicKey || key?.rsaPublicKey;
    callback(null, signingKey);
  });
};

export const verifyMicrosoftToken = async (tokenId: string): Promise<any> => {
  const validationOptions = {
    audience: CLIENT_ID, // v2.0 token
    iss: `https://login.microsoftonline.com/${TENANT_ID}/v2.0`, // v2.0 token
    algorithms: ['RS256' as Algorithm],
  };
  const decodedToken = await promisify(jwt.verify)(
    tokenId,
    getSigningKeys,
    validationOptions
  );
  return decodedToken;
};

Am I missing something here? I keep getting the following error:

JsonWebTokenError: secret or public key must be provided

This error is most likely caused by getSigningKeys not returning a public key. You should check the value of signingKey that is passed to the callback. If key is undefined, then signingKey will be undefined, which leads to the JWT error. You can also call the key.getPublicKey() function directly.

client.getSigningKey(header.kid, (err, key: jwksClient.SigningKey) => {
  if (err) return callback(err); // unknown kid or fetch failure: do not dereference key
  const signingKey = key.getPublicKey();
  callback(null, signingKey);
});
