У меня есть пример кода для проверки JWT, возвращенного провайдером. Я должен проверить токен с ключом Publi c, который хранится на другом сервере. Любая идея, если приведенный ниже код подходит для проверки?
Код:
@RequestMapping(value = "/publickey", method = RequestMethod.GET)
public ResponseEntity<String> getkey() {
String token = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtMEptdUpmNnVreV9IT0ZMZnAzY1lJN2xMay1nX1JBVmJzZHRYaW9sQzFjIn0.eyJqdGkiOiJmYjliMzUxMC1kN2NmLTRmOWUtODBhNC01M2RlZGU1MTc4YTQiLCJleHAiOjE1ODgxOTQ5MDksIm5iZiI6MCwiaWF0IjoxNTg4MTkzMTA5LCJpc3MiOiJodHRwczovL2tleWNsb2FrLmxhYi5oY2kuYWV0bmEuY29tL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiJiNTJhZDRmZC0xZDk5LTRiNjMtYjhjZi03MTRhM2VlODBlNDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJZNDNpTEFocjRlMFNvSjlLa1Y0dkxLbkdoTm1TMVkzYyIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjYzZjEwNDE0LWI4MzgtNGUxYy05OWUwLTkyYzY3MzhkMTYxZSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiYXBwX3Rva2VuIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Ilk0M2lMQWhyNGUwU29KOUtrVjR2TEtuR2hObVMxWTNjIjp7InJvbGVzIjpbInVtYV9wcm90ZWN0aW9uIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiY2xpZW50SWQiOiJZNDNpTEFocjRlMFNvSjlLa1Y0dkxLbkdoTm1TMVkzYyIsImNsaWVudEhvc3QiOiIxMC4yMDguNzIuMzgiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC15NDNpbGFocjRlMHNvajlra3Y0dmxrbmdobm1zMXkzYyIsImNsaWVudEFkZHJlc3MiOiIxMC4yMDguNzIuMzgifQ.gXpkpmdB1BsWnCGUsWsOfcp_dBsW_4zAwrCX2hOdJ_GKodPooi5-8ySUuH7OXDltUfmjhstu2fPQrl3fjug-7YAUAs6o7Boih25fItrTX3-DINkBjyWgIux-1TNoJKh_IPFc4CSIKEGwo3B40BR-wtefx5j44nq6-69JQmqdRDN45AS0NYUc72drk3iHB-msktWlgFsgh9sC0buzvEYppYfWKChgRUbIxpcMLGNnlMIRMiAhJ-G2Kt6cIA0sA3aPLjPueyaZ8wsmXCMpblsPkOuZu92PxtmX5WOO26ZJ91r_VLpHwPQk0r091dh_tgW9cZ4WVPqIEWEa_D_oKGdiqg";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<String>(headers);
ResponseEntity<String> tokenResponse = rs.exchange(GET_TOKEN_URL, HttpMethod.GET, entity, String.class);
DecodedJWT jwt = JWT.decode(token);
JwkProvider provider = new UrlJwkProvider(GET_TOKEN_URL);
Jwk jwk;
try {
jwk = provider.get(jwt.getKeyId());
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null);
algorithm.verify(jwt);
// Check expiration
if (jwt.getExpiresAt().before(Calendar.getInstance().getTime())) {
throw new RuntimeException("Exired token!");
}
} catch (JwkException e) {
e.printStackTrace();
}
}
пом. xml:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.3</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>jwks-rsa</artifactId>
<version>0.9.0</version>
</dependency>
Исключение:
Причина: java .io.FileNotFoundException: https: // <> / open / <> /certs/.well-known/jwks.json