python jwt 中令牌过期时如何提取 jwt 令牌负载
How to extract jwt token payload when token is expired in python jwt
在 python jwt 包中的 jwt 令牌过期后,我无法提取 JWT 令牌负载。
我正在使用 flask api 进行后端开发,实现在中间件中。
下面是我的代码:
import jwt
from flask import request
from functools import wraps
from werkzeug.exceptions import Forbidden, Unauthorized
def admin_rights_required(f):
@wraps(f)
def _decorated(*args, **kwargs):
config = readConfig()
secretKey = config["JWT_SECRET_KEY"]
algorithm = config["JWT_ENCODING_ALGORITHM"]
token = None
if "Authorization" in request.headers:
data = request.headers["Authorization"]
token = str.replace(str(data), "Bearer ", "")
try:
if not token or (not _ruleUserObj.getRuleUserFromToken(token)):
data = jwt.decode(token, secretKey, algorithms=algorithm)
raise Unauthorized("Token is missing")
data = jwt.decode(token, secretKey, algorithms=algorithm)
if getTokenDurationDifference(token) == -1:
raise jwt.InvalidTokenError
currentUser = _ruleUserObj.getRuleUser(data["sub"]["username"])
if not len(currentUser) > 0:
raise jwt.InvalidTokenError
if currentUser["isAdmin"] == False:
raise Forbidden()
except jwt.ExpiredSignatureError:
_ruleUserObj.updatedRuleUserSessionRemToken(data["sub"]["username"])
raise Unauthorized("Signature expired. Please log in again.")
except jwt.InvalidTokenError:
_ruleUserObj.updatedRuleUserSessionRemToken(data["sub"]["username"])
raise Unauthorized("Invalid token. Please log in again.")
return f(*args, **kwargs)
return _decorated
我在python的jwt包里找到了解决办法。以下是 link 供参考:
https://pyjwt.readthedocs.io/en/latest/usage.html#reading-the-claimset-without-validation
下面是我为上面所做的代码更改:
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
将代码与主代码合并后如下所示:
import jwt
from flask import request
from functools import wraps
from werkzeug.exceptions import Forbidden, Unauthorized
def admin_rights_required(f):
@wraps(f)
def _decorated(*args, **kwargs):
config = readConfig()
secretKey = config["JWT_SECRET_KEY"]
algorithm = config["JWT_ENCODING_ALGORITHM"]
token = None
if "Authorization" in request.headers:
data = request.headers["Authorization"]
token = str.replace(str(data), "Bearer ", "")
try:
if not token or (not _ruleUserObj.getRuleUserFromToken(token)):
data = jwt.decode(token, secretKey, algorithms=algorithm)
raise Unauthorized("Token is missing")
data = jwt.decode(token, secretKey, algorithms=algorithm)
if getTokenDurationDifference(token) == -1:
raise jwt.InvalidTokenError
currentUser = _ruleUserObj.getRuleUser(data["sub"]["username"])
if not len(currentUser) > 0:
raise jwt.InvalidTokenError
if currentUser["isAdmin"] == False:
raise Forbidden()
except jwt.ExpiredSignatureError:
_ruleUserObj.updatedRuleUserSessionRemToken(
(
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
raise Unauthorized("Signature expired. Please log in again.")
except jwt.InvalidTokenError:
_ruleUserObj.updatedRuleUserSessionRemToken(
(
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
raise Unauthorized("Invalid token. Please log in again.")
return f(*args, **kwargs)
return _decorated
如果 jwt 令牌已过期,还有其他方法可以对其进行解码:
正如@KlausD 所建议的。下面是实现:
import base64
import json
tokenSplit = token.split(".")
json.loads((base64.b64decode(tokenSplit[1])).decode("utf-8"))
感谢@KlausD。对于简单的 hack
如果 options 参数不能像这样工作:options = { "verify_signature": False }
使用 lib pyjwt==1.7.1 尝试通知参数“verify=False”,如下所示:
payload = jwt.decode(jwt=token, key=secret, verify=False, algorithms = [ 'HS256' ])
在 python jwt 包中的 jwt 令牌过期后,我无法提取 JWT 令牌负载。 我正在使用 flask api 进行后端开发,实现在中间件中。
下面是我的代码:
import jwt
from flask import request
from functools import wraps
from werkzeug.exceptions import Forbidden, Unauthorized
def admin_rights_required(f):
@wraps(f)
def _decorated(*args, **kwargs):
config = readConfig()
secretKey = config["JWT_SECRET_KEY"]
algorithm = config["JWT_ENCODING_ALGORITHM"]
token = None
if "Authorization" in request.headers:
data = request.headers["Authorization"]
token = str.replace(str(data), "Bearer ", "")
try:
if not token or (not _ruleUserObj.getRuleUserFromToken(token)):
data = jwt.decode(token, secretKey, algorithms=algorithm)
raise Unauthorized("Token is missing")
data = jwt.decode(token, secretKey, algorithms=algorithm)
if getTokenDurationDifference(token) == -1:
raise jwt.InvalidTokenError
currentUser = _ruleUserObj.getRuleUser(data["sub"]["username"])
if not len(currentUser) > 0:
raise jwt.InvalidTokenError
if currentUser["isAdmin"] == False:
raise Forbidden()
except jwt.ExpiredSignatureError:
_ruleUserObj.updatedRuleUserSessionRemToken(data["sub"]["username"])
raise Unauthorized("Signature expired. Please log in again.")
except jwt.InvalidTokenError:
_ruleUserObj.updatedRuleUserSessionRemToken(data["sub"]["username"])
raise Unauthorized("Invalid token. Please log in again.")
return f(*args, **kwargs)
return _decorated
我在python的jwt包里找到了解决办法。以下是 link 供参考:
https://pyjwt.readthedocs.io/en/latest/usage.html#reading-the-claimset-without-validation
下面是我为上面所做的代码更改:
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
将代码与主代码合并后如下所示:
import jwt
from flask import request
from functools import wraps
from werkzeug.exceptions import Forbidden, Unauthorized
def admin_rights_required(f):
@wraps(f)
def _decorated(*args, **kwargs):
config = readConfig()
secretKey = config["JWT_SECRET_KEY"]
algorithm = config["JWT_ENCODING_ALGORITHM"]
token = None
if "Authorization" in request.headers:
data = request.headers["Authorization"]
token = str.replace(str(data), "Bearer ", "")
try:
if not token or (not _ruleUserObj.getRuleUserFromToken(token)):
data = jwt.decode(token, secretKey, algorithms=algorithm)
raise Unauthorized("Token is missing")
data = jwt.decode(token, secretKey, algorithms=algorithm)
if getTokenDurationDifference(token) == -1:
raise jwt.InvalidTokenError
currentUser = _ruleUserObj.getRuleUser(data["sub"]["username"])
if not len(currentUser) > 0:
raise jwt.InvalidTokenError
if currentUser["isAdmin"] == False:
raise Forbidden()
except jwt.ExpiredSignatureError:
_ruleUserObj.updatedRuleUserSessionRemToken(
(
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
raise Unauthorized("Signature expired. Please log in again.")
except jwt.InvalidTokenError:
_ruleUserObj.updatedRuleUserSessionRemToken(
(
jwt.decode(
token,
secretKey,
algorithms=algorithm,
options={"verify_signature": False},
)
)["sub"]["username"]
)
raise Unauthorized("Invalid token. Please log in again.")
return f(*args, **kwargs)
return _decorated
如果 jwt 令牌已过期,还有其他方法可以对其进行解码: 正如@KlausD 所建议的。下面是实现:
import base64
import json
tokenSplit = token.split(".")
json.loads((base64.b64decode(tokenSplit[1])).decode("utf-8"))
感谢@KlausD。对于简单的 hack
如果 options 参数不能像这样工作:options = { "verify_signature": False }
使用 lib pyjwt==1.7.1 尝试通知参数“verify=False”,如下所示:
payload = jwt.decode(jwt=token, key=secret, verify=False, algorithms = [ 'HS256' ])