【JWT】jwt理解,并手写实现jwt令牌分发和jwt令牌验证
JWT_Assign.py
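import hashlib
import hmac
import json
import base64


class JWT_Assign(object):
    """Issue and verify HMAC-SHA256 signed tokens in a JWT-like teaching format.

    The wire format is ``<header>.<payload>.<signature>``, where each part is
    standard Base64 with ``=`` padding rewritten to ``?``.

    NOTE(review): this is not an RFC 7519 / RFC 7515 JWT and will not
    interoperate with JWT libraries:

    * the MAC is computed over the raw JSON texts joined by ``.``, not over
      the encoded segments, so the header/payload boundary inside the signed
      bytes is not self-delimiting;
    * standard Base64 is used instead of unpadded base64url, so tokens can
      contain ``+`` and ``/``;
    * only integrity is checked -- no expiry, issuer, audience or ``alg``
      validation is performed.

    The format is kept unchanged here so previously issued tokens still verify.
    """

    def __init__(self, secret):
        """Store the shared HMAC key.

        Args:
            secret: text key; it is UTF-8 encoded before being used as the
                HMAC key. The class does not enforce any minimum length.
        """
        self.secret = secret

    def _sign(self, signing_input):
        """Return the Base64-encoded HMAC-SHA256 of *signing_input* (bytes)."""
        mac = hmac.new(self.secret.encode('utf-8'), signing_input, hashlib.sha256)
        return base64.b64encode(mac.digest())

    def get_jwt_token(self, header, payload):
        """Serialize *header* and *payload* to JSON and return the signed token.

        Args:
            header: JSON-serializable object used as the token header.
            payload: JSON-serializable object used as the token payload.

        Returns:
            The token as a ``str`` of three ``.``-separated parts.
        """
        header_json = json.dumps(header).encode('utf-8')
        payload_json = json.dumps(payload).encode('utf-8')
        # The signature covers the raw JSON bytes (see the class docstring).
        signature = self._sign(b".".join([header_json, payload_json]))
        segments = [
            base64.b64encode(header_json),
            base64.b64encode(payload_json),
            signature,
        ]
        # '=' padding is rewritten to '?' in every segment of this format.
        return b".".join(seg.replace(b'=', b'?') for seg in segments).decode('utf-8')

    def check_jwt_token(self, jwt_str):
        """Verify the signature of *jwt_str* to detect tampering.

        Args:
            jwt_str: token text as produced by :meth:`get_jwt_token`.

        Returns:
            ``(True, payload)`` when the signature matches.
            ``(False, payload)`` when the token parses but the signature does
            not match; that payload is UNVERIFIED and must not be trusted.
            ``(False, None)`` when the token is not a ``str``, does not have
            exactly three parts, or cannot be decoded.
        """
        if not isinstance(jwt_str, str):
            return False, None
        jwt_parts = jwt_str.split('.')
        # Require exactly three segments; trailing extra segments are rejected
        # instead of being silently ignored.
        if len(jwt_parts) != 3:
            return False, None
        header_b64, payload_b64, sign_str = (
            part.replace('?', '=') for part in jwt_parts
        )
        try:
            # validate=True rejects characters outside the Base64 alphabet
            # rather than skipping them.
            header_raw = base64.b64decode(header_b64.encode('utf-8'), validate=True)
            payload_raw = base64.b64decode(payload_b64.encode('utf-8'), validate=True)
            presented = sign_str.encode('utf-8')
            payload_obj = json.loads(payload_raw)
        except ValueError:
            # Covers binascii.Error, JSON decode errors and Unicode errors,
            # which are all ValueError subclasses.
            return False, None
        expected = self._sign(b'.'.join([header_raw, payload_raw]))
        # Constant-time comparison so the check does not leak, through timing,
        # how many leading characters of the signature matched.
        return hmac.compare_digest(expected, presented), payload_obj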
验证demo
# Demo: issue a token with JWT_Assign.py, then verify it.
from JWT_Assign import JWT_Assign

# NOTE(review): these field names and values are the demo's own. In RFC 7519 /
# RFC 7515 the header parameter is "typ", HMAC-SHA256 is named "HS256", and
# "iat" is a numeric issued-at timestamp.
header = {
    'type': 'JWT',
    'alg': 'sha256',
}
payload = {
    'iss': 'wgy',
    'iat': 'user',
}

# The key is hard-coded for demonstration only; a real deployment would load a
# long random secret from configuration instead of source code.
signer = JWT_Assign('wangguangyuan1')
token = signer.get_jwt_token(header, payload)

# Sample output from the page (note the '/' in the signature segment):
# eyJ0eXBlIjogIkpXVCIsICJhbGciOiAic2hhMjU2In0?.eyJpc3MiOiAid2d5IiwgImlhdCI6ICJ1c2VyIn0?.WykGWmyrA/eIoNOST44yYAEmf84yFDjKnw55wQyUkH4?
print(token)

# check_jwt_token returns a (bool, payload) tuple; the first element is True.
print(signer.check_jwt_token(token))