如何使用 JWT，请点击这里查看
如何使用 Authorization，点击这里
在这里，就放一段简单的代码
import sys
import json
# pip3 install python-jose
from jose import jwt
from urllib.request import urlopen
# Settings for the Auth0 tenant that issues the tokens.
# Replace both placeholders with the values from your own Auth0 account.
AUTH0_DOMAIN = 'YOUR_AUTH0_DOMAIN'
API_AUDIENCE = 'YOUR_API_AUDIENCE'
# Signing algorithms the verifier accepts. This list is handed to
# jwt.decode(), so the accepted algorithm is fixed by this file and is
# not taken from the header of the token being checked.
ALGORITHMS = ['RS256']
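class AuthError(Exception):
    """Standardized way to communicate auth failure modes.

    Attributes:
        error: The failure details supplied by the raiser; in this file a
            dict with 'code' and 'description' keys.
        status_code: The numeric status supplied by the raiser (401 or 400
            in this file).
    """

    def __init__(self, error, status_code):
        # Pass both values on to Exception so that an uncaught AuthError
        # shows the failure details in its traceback instead of an empty
        # message.
        super().__init__(error, status_code)
        self.error = error
        self.status_code = status_code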
# PASTE YOUR OWN TOKEN HERE
# MAKE SURE THIS IS A VALID AUTH0 TOKEN FROM THE LOGIN FLOW
# NOTE(review): an access token is a bearer credential. Keep the
# placeholder below in any copy of this file that is committed or shared.
token = "YOUR_TOKEN"
## Auth Header
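def verify_decode_jwt(token):
    """Verify an Auth0-issued JWT and return its decoded claims.

    The tenant's signing keys are fetched from its JWKS endpoint, the RSA
    key whose ``kid`` matches the token header is selected, and
    ``jwt.decode`` is then called with that key, the pinned ALGORITHMS
    list, the expected audience and the expected issuer.

    Args:
        token: The encoded JWT string.

    Returns:
        The token payload as returned by ``jwt.decode``.

    Raises:
        AuthError: With status 401 when the token header cannot be parsed
            or has no ``kid``, when the token has expired, or when the
            claims are rejected; with status 400 when no matching key is
            found or the token fails verification for any other reason.
        urllib.error.URLError: If the JWKS document cannot be fetched
            (a timeout may also surface as a timeout error).
    """
    # Fetch the tenant's public signing keys. The timeout stops a stalled
    # connection from blocking verification indefinitely, and the context
    # manager closes the HTTP response.
    jwks_url = f'https://{AUTH0_DOMAIN}/.well-known/jwks.json'
    with urlopen(jwks_url, timeout=10) as response:
        jwks = json.loads(response.read())

    # The header is read before any signature check, so it is untrusted
    # input. It is used only to pick a key by id; the accepted algorithm
    # comes from ALGORITHMS, never from the header.
    try:
        unverified_header = jwt.get_unverified_header(token)
    except jwt.JWTError as exc:
        # A token that is not even well-formed is reported the same way as
        # any other malformed header, rather than leaking a library error.
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Authorization malformed.'
        }, 401) from exc

    if 'kid' not in unverified_header:
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Authorization malformed.'
        }, 401)

    # Select the published RSA key with the same key id. 'use' is an
    # optional JWKS member, and 'n'/'e' exist only on RSA keys, so entries
    # lacking the required fields are skipped instead of raising KeyError.
    rsa_key = {}
    for key in jwks.get('keys', []):
        if key.get('kid') != unverified_header['kid']:
            continue
        if key.get('kty') != 'RSA' or 'n' not in key or 'e' not in key:
            continue
        rsa_key = {
            'kty': key['kty'],
            'kid': key['kid'],
            'n': key['n'],
            'e': key['e']
        }
        if 'use' in key:
            rsa_key['use'] = key['use']
        break

    if not rsa_key:
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Unable to find the appropriate key.'
        }, 400)

    try:
        # Signature, expiry, audience and issuer are all checked here; the
        # payload is returned only if every check passes.
        return jwt.decode(
            token,
            rsa_key,
            algorithms=ALGORITHMS,
            audience=API_AUDIENCE,
            issuer=f'https://{AUTH0_DOMAIN}/'
        )
    except jwt.ExpiredSignatureError as exc:
        raise AuthError({
            'code': 'token_expired',
            'description': 'Token expired.'
        }, 401) from exc
    except jwt.JWTClaimsError as exc:
        raise AuthError({
            'code': 'invalid_claims',
            'description': 'Incorrect claims. Please, check the audience and issuer.'
        }, 401) from exc
    except Exception as exc:
        # Any other failure (bad signature, unsupported algorithm, ...) is
        # reported as a generic parse error; the cause stays chained for
        # debugging.
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Unable to parse authentication token.'
        }, 400) from exc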
# Demo run: verify the token defined above and print the decoded claims.
decoded_claims = verify_decode_jwt(token)
print(decoded_claims)
结果就类似这样
{
'iss': 'https://example.com/',
'sub': 'auth0|example',
'aud': 'example',
'iat': example_number,
'exp': example_number,
'azp': 'example',
'scope': ''
}
不知道如何获取Domain name和Token,点击这里查看