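I am using a sample application to test OpenID Connect signature verification. However, my ID token verification fails every time I try. I request the ID token with response_type = idtoken. I am using miniOrange as the OIDC provider.
This is the ID token I get: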
eyJraWQiOiIxIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoibXYyZHhTd0p6b1hVVkVJIiwic3ViIjoiZGlsaXRoLmVyYW5nZUBkY3Nhc2lhLm5ldCIsImF1ZCI6WyJ3aDR5ZDlnd1N1c19kdnMiXSwiZmlyc3RuYW1lIjoiZGlsaXRoIiwiYXV0aF90aW1lIjoiV2VkIFNlcCAyNiAxMzoyMzozOSBVVEMgMjAxOCIsImlzcyI6Imh0dHBzOlwvXC9hdXRoLm1pbmlvcmFuZ2UuY29tIiwiZXhwIjoxNTM3OTc4MjE5LCJub25jZSI6ImFiZGNlZmdoaWprbG1ub3AiLCJpYXQiOjE1Mzc5NjgyMTksImVtYWlsIjoiZGlsaXRoLmVyYW5nZUBkY3Nhc2lhLm5ldCIsImxhc3RuYW1lIjoiVml0aGFuYWdlIn0.hgkVlKwXWKt9yAF11940U5HOOR48U4JIjfVZwYYXd1mDo-fHZYaoaIQ76HLPVBqk8dagmtY3lz0wRald9JYIrNucxHQOLKbEKzjG7qCfngZVSNFUhC7nUrttbeMvGnz8mLtaa8DjqYsaQoOWrTzSh7rR_r3VzAQx6T6HSQUelNg
This is the code I use to check this ID token.
    import java.io.FileInputStream;
    import java.security.PublicKey;
    import java.util.List;
    import org.jose4j.jwt.JwtClaims;
    import org.jose4j.jwt.consumer.JwtConsumer;
    import org.jose4j.jwt.consumer.JwtConsumerBuilder;
    import org.jose4j.keys.RsaKeyUtil;

    public void verifyid(String idt) throws Exception {
        String jwt = idt;

        // Read the PEM-encoded public key from disk.
        FileInputStream fis = new FileInputStream("C:/Users/Dexter/Downloads/RSA256_OpenID_public_key.pem");
        byte[] buffer = new byte[10];
        StringBuilder sb = new StringBuilder();
        int n;
        while ((n = fis.read(buffer)) != -1) {
            // Append only the bytes actually read; the last chunk may be shorter than the buffer.
            sb.append(new String(buffer, 0, n));
        }
        fis.close();
        String publicKeyPEM = sb.toString();

        RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
        PublicKey publicKey = rsaKeyUtil.fromPemEncoded(publicKeyPEM);

        // Verify the signature with the loaded key and require an exp claim.
        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setVerificationKey(publicKey)
                .build();
        JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt);

        String username = jwtDecoded.getStringClaimValue("sub");
        String requiredScope = "sub";
        List<String> scopes = jwtDecoded.getStringListClaimValue("sub");
        if (!scopes.stream().anyMatch(scope -> scope.equals(requiredScope))) {
            throw new Exception("Required scope is not claimed: " + requiredScope);
        }
    }
It throws this exception:
org.jose4j.jwt.consumer.InvalidJwtSignatureException: JWT rejected due to invalid signature. Additional details: [[9] Invalid JWS Signature: JsonWebSignature{"kid":"1","typ":"JWT","alg":"RS256"}->eyJraWQiOiIxIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoibXYyZHhTd0p6b1hVVkVJIiwic3ViIjoiZGlsaXRoLmVyYW5nZUBkY3Nhc2lhLm5ldCIsImF1ZCI6WyJ3aDR5ZDlnd1N1c19kdnMiXSwiZmlyc3RuYW1lIjoiZGlsaXRoIiwiYXV0aF90aW1lIjoiV2VkIFNlcCAyNiAxMzoyMzozOSBVVEMgMjAxOCIsImlzcyI6Imh0dHBzOlwvXC9hdXRoLm1pbmlvcmFuZ2UuY29tIiwiZXhwIjoxNTM3OTc4MjE5LCJub25jZSI6ImFiZGNlZmdoaWprbG1ub3AiLCJpYXQiOjE1Mzc5NjgyMTksImVtYWlsIjoiZGlsaXRoLmVyYW5nZUBkY3Nhc2lhLm5ldCIsImxhc3RuYW1lIjoiVml0aGFuYWdlIn0.hgkVlKwXWKt9yAF11940U5HOOR48U4JIjfVZwYYXd1mDo-fHZYaoaIQ76HLPVBqk8dagmtY3lz0wRald9JYIrNucxHQOLKbEKzjG7qCfngZVSNFUhC7nUrttbeMvGnz8mLtaa8DjqYsaQoOWrTzSh7rR_r3VzAQx6T6HSQUelNg]
I tried to verify the ID token using the public key I got when creating the application.
Why does the verification fail?
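
A diagnostic sketch for an `InvalidJwtSignatureException` like the one above, added here as an example and not part of the original post: it reads the token's unverified header and claims with jose4j, then checks whether the RSA signature length matches the modulus size of the PEM key being used. The class name `IdTokenDiagnostics` and method `inspect` are hypothetical; the token and PEM path are passed as arguments.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.JwtContext;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.RsaKeyUtil;

// Hypothetical helper class, not from the original post.
public class IdTokenDiagnostics {

    public static void inspect(String idToken, String pemPath) throws Exception {
        // First pass: parse only. Nothing read here is trusted yet.
        JwtConsumer parser = new JwtConsumerBuilder()
                .setSkipAllValidators()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .build();
        JwtContext ctx = parser.process(idToken);
        JsonWebStructure jose = ctx.getJoseObjects().get(0);
        JwtClaims claims = ctx.getJwtClaims();
        // kid and iss tell you which provider key the token claims to be signed with.
        System.out.println("alg = " + jose.getAlgorithmHeaderValue());
        System.out.println("kid = " + jose.getKeyIdHeaderValue());
        System.out.println("iss = " + claims.getIssuer());
        System.out.println("aud = " + claims.getAudience());
        System.out.println("exp = " + claims.getExpirationTime());

        // An RSASSA-PKCS1-v1_5 signature is exactly as long as the signer's modulus.
        String[] parts = idToken.split("\\.");
        int sigBytes = Base64.getUrlDecoder().decode(parts[2]).length;
        String pem = new String(Files.readAllBytes(Paths.get(pemPath)), StandardCharsets.US_ASCII);
        RSAPublicKey key = (RSAPublicKey) new RsaKeyUtil().fromPemEncoded(pem);
        int keyBytes = (key.getModulus().bitLength() + 7) / 8;
        System.out.println("signature bytes = " + sigBytes + ", key modulus bytes = " + keyBytes);
        if (sigBytes != keyBytes) {
            System.out.println("Size mismatch: this PEM is not the key that signed the token.");
        }
    }

    public static void main(String[] args) throws Exception {
        inspect(args[0], args[1]); // args: <id_token> <path-to-public-key.pem>
    }
}
```

Matching sizes do not prove the key is the right one; they only rule out the mismatch case before comparing the key against the one the issuer publishes for that `kid`.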