【发布时间】:2022-01-21 13:55:45
【问题描述】:
如何在 c# 中使用 hmac-sha256 生成 oauth 1.0 签名 密钥包含如下。
consumerKey
Token_ID
oauth_timestamp
oauth_nonce
realm
version 1.0
【问题讨论】:
【发布时间】:2022-01-21 13:55:45
【问题描述】:
我使用此代码来玩 HS256 令牌,希望对您有所帮助:
class Program
{
static async Task Main(string[] args)
{
string IDTokenStr = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJKUHFUQ2ZIc1BWcTJfck5TNWxwbXciLCJ0eXAiOiJKV1QifQ.eyJuYmYiOjE1ODQ3MzIyNTUsImV4cCI6MTU4NDczMjU1NSwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eXNlcnZpY2UubG9jYWw6NjAwMSIsImF1ZCI6ImltcGxpY2l0Zmxvd2NsaWVudCIsIm5vbmNlIjoiMTEyMjMzNDQ1NSIsImlhdCI6MTU4NDczMjI1NSwiYXRfaGFzaCI6IjVGVy1kY3JfYjlYVXlEX09FcnRncFEiLCJzX2hhc2giOiJDNVFQM0NUc1VhSG80Tk4wTWs2eHJnIiwic2lkIjoiczJlMU9CSGU3SUNYMU5uZm1KYmNIdyIsInN1YiI6IlVzZXJJRDEyMzQ1NiIsImF1dGhfdGltZSI6MTU4NDczMjI1NCwiaWRwIjoibG9jYWwiLCJuYW1lIjoiRGVtbyBFZHVtZW50IiwiZ2l2ZW5fbmFtZSI6IkRlbW8iLCJmYW1pbHlfbmFtZSI6IkVkdW1lbnQiLCJlbWFpbCI6ImRlbW9AZWR1bWVudC5zZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ3ZWJzaXRlIjoiaHR0cDovL2FsaWNlLmNvbSIsImFtciI6WyJwd2QiXX0.zPaZ_-fZW-YOywsip_s9vks54m0iLUB_XBlevPVe4qT6xRAGFnEmho1Zvsbm5w5MamzKbJhu_GGXARAAFuttgCW_AEPXfFrgsPwz41IIpW7uUmC7ZKc2SpE1zKGJ3GqZ3QI9LYVOzPyUwJyBsvcYfiWR2MM_8AtJfpO2YpjSiBcSDhtdzxXtMwrMDxVEJ15EGqg-9t3xngk8ymDEJj-D5L_MSJSxjMrKv0hYee2a0NdocLEQlk385WDWplhPH2UQ1za0Q7GA913Y4_rQ6FTje7cbtaP1A_DahQJhOdDEpqsGXdPMEs-eRYsw2EbpXcJZqjB9_MaO-rLiXMmME2SrRQ";
string AccessTokenStr = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJKUHFUQ2ZIc1BWcTJfck5TNWxwbXciLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE1ODQ3MzIyNTUsImV4cCI6MTU4NDczNTg1NSwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eXNlcnZpY2UubG9jYWw6NjAwMSIsImNsaWVudF9pZCI6ImltcGxpY2l0Zmxvd2NsaWVudCIsInN1YiI6IlVzZXJJRDEyMzQ1NiIsImF1dGhfdGltZSI6MTU4NDczMjI1NCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiZW1haWwiXSwiYW1yIjpbInB3ZCJdfQ.iTIOq-8AmCKpogNUdmHMoDnq4ka836PTQR-PGttjZgJvKaB-WoqBwVSxx9_ABnzCZ9Tb-06RFyMgseICLkSqft3S0O5n2z7SXV8R2JbgjEJ74qzuLf6N_Xh5vhI1e4xkJp0j04_O_zL64LZM3ofUFqafjog5xPF85MEmVVFxQZ5GqXs-c6OzCg5oJ0QPjLWGs438Savm7HlXNyuW19VIBXkv_XOfjfDZt_mRD8NFAjkXUsq62jhfGeClCQoaNaBxelfdwWUS9vRRQUf4ejA8mQHv2Oep7EPHKsG_JEIHT7Ws2Rt5MaYl9ydAQ9wM9igi6KJFrWfxRDRzl3k6vYC8qg";
JWTToken token = DecodeHS256Token(AccessTokenStr, "secret");
Console.WriteLine();
Console.WriteLine(token.ToString());
}
private static JWTToken DecodeHS256Token(string jwt, string secret)
{
JWTToken token = new JWTToken();
//Split the token into it's sub-parts
string[] splitted = jwt.Split('.');
var headerpart = splitted[0];
var payloadpart = splitted[1];
var TokenSignature = splitted[2];
//Decode and deserialize the header
byte[] _dec = Utility.Base64UrlDecode(headerpart);
string headerjson = Encoding.UTF8.GetString(_dec);
token.Headers = JsonConvert.DeserializeObject<Dictionary<string, string>>(headerjson);
//Decode and deserialize the payload
_dec = Utility.Base64UrlDecode(payloadpart);
string payloadjson = Encoding.UTF8.GetString(_dec);
token.Payload = JsonConvert.DeserializeObject<Dictionary<string, string[]>>(payloadjson);
token.TokenSignature = TokenSignature;
//Calculate the expected hash using the provided secret
string stringToSign = headerpart + "." + payloadpart;
var alg = new HMACSHA256(Utility.getBytes(secret));
byte[] hash = alg.ComputeHash(Utility.getBytes(stringToSign));
var calculatedSignature = Utility.Base64UrlEncode(hash);
if (TokenSignature == calculatedSignature)
Console.WriteLine("Token signature match!");
else
{
Console.WriteLine("Token signature don't match!");
Console.WriteLine($"TokenSignature = {TokenSignature}");
Console.WriteLine($"calculatedSignature = {calculatedSignature}");
}
return token;
}
}
public class JWTToken
{
public Dictionary<string, string> Headers { get; set; } = new Dictionary<string, string>();
public Dictionary<string, string[]> Payload { get; set; } = new Dictionary<string, string[]>();
public string TokenSignature { get; set; }
}
【讨论】: