向 opentok REST API 执行 REST 请求时,我发现我的 jwt 令牌已“过期”。
想了想,我向服务器执行了一个虚拟请求 仅用于获取服务器日期,通过使用与令牌到期时间相同的服务器日期,我能够列出属于会话的视频。
这显然是错误的,iat时间和exp时间不应该与服务器日期匹配。
可能的解决方案:
A) 用户应该能够指定他的服务器时区,并且 OpenTok REST 服务器应该与为给定项目配置的时区相关的日期匹配。
B) 忽略 iat 并考虑以秒为单位的过期时间。
谢谢
【问题讨论】:
标签: opentok
这表明您服务器上的时钟未正确同步。从 2.5.0 版开始的 PHP SDK 已经实现了 JWT,并且已经被证明可以正常工作。我建议您升级到 v2.5.0 并确保您的服务器时钟准确。
【讨论】:
补丁
/**
* Useless class used to fix bugs and solve single session archive fetching
* issue in opentok.
*
* This class also implements JWT in order to comply with the new authentication
* system that will be in use during July of 2017.
*
* A problem was also detected when trying to authenticate (date issue)
*
* @see https://github.com/opentok/OpenTok-PHP-SDK/issues/172
* @see https://stackoverflow.com/questions/44768499/opentok-jwt-authenticacion-bug
*
* @author Federico Stange <jpfstange@gmail.com>
*/
namespace stange\opentok;
use \Firebase\JWT\JWT;
use \Guzzle\Common\Event;
use \OpenTok\Util\Client as OpenTokClient;
class OTAuthPlugin extends \OpenTok\Util\Plugin\PartnerAuth{
private $timestamp = null;
public static function getSubscribedEvents(){
return array('request.before_send' => 'onBeforeSend');
}
public function setTimestamp($time){
$this->timestamp =$time;
return $this;
}
public function getTimestamp(){
return $this->timestamp;
}
public function onBeforeSend(Event $event){
$event['request']->addHeader(
'X-OPENTOK-AUTH',
$this->createAuthHeader()
);
}
private function createAuthHeader(){
$token = array(
'ist' => 'project',
'iss' => $this->apiKey,
'iat' => $this->timestamp,
'exp' => $this->timestamp+180,
'jti' => uniqid()
);
return JWT::encode($token, $this->apiSecret);
}
}
class Client extends OpenTokClient{
public function configure($apiKey, $apiSecret, $apiUrl){
$this->apiKey = $apiKey;
$this->apiSecret = $apiSecret;
$this->setBaseUrl($apiUrl);
$this->setUserAgent(OPENTOK_SDK_USER_AGENT, true);
$opentokAuthPlugin = new OTAuthPlugin($apiKey, $apiSecret);
$opentokAuthPlugin->setTimestamp($this->getServerDate());
$this->addSubscriber($opentokAuthPlugin);
$this->configured = true;
}
/**
* Make a request for getting the server date
* this is a bug and it has been reported to the opentok team.
* and to the tech support department.
*
*
*/
public function getServerDate(){
try{
$response = $this->get(
"/v2/project/". md5(uniqid())
)->send();
} catch (\Exception $e) {
$date = $e->getResponse()->getHeader('Date')->toArray();
$date = $date[0];
$serverDate = \DateTime::createFromFormat(
"D, d M Y H:i:s e",
$date
);
return $serverDate->getTimestamp();
}
return $serverDate;
}
public function listArchivesInSession($sessionId){
$url = "/v2/project/{$this->apiKey}/archive?sessionId=$sessionId";
$request = $this->get($url);
return $request->send()->json();
}
}
【讨论】: