Updated: 2021-10-29 17:32:42
public_key appears to be base64-encoded DER. You should be able to use it like this:
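from base64 import b64decode
import jwt
import requests
from cryptography.hazmat.primitives import serialization

# Fetch the realm description, which carries the realm's public key
r = requests.get("https://keycloak.some.domain/auth/realms/name-realm/")
r.raise_for_status()
key_der_base64 = r.json()["public_key"]
# Decode base64 to raw DER bytes and load them as a public key object
key_der = b64decode(key_der_base64.encode())
public_key = serialization.load_der_public_key(key_der)
# token is the JWT string to verify; the accepted algorithm is pinned to RS256
payload = jwt.decode(token, public_key, algorithms=["RS256"])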
However, note that the https://keycloak.some.domain/auth/realms/name-realm/ endpoint does not appear to follow any formal standard. It is better to use the /certs endpoint, as shown here:
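import jwt
from jwt import PyJWKClient

# JWKS endpoint of the realm
url = "https://keycloak.some.domain/auth/realms/epf-uat/protocol/openid-connect/certs"
jwks_client = PyJWKClient(url)
# Pick the signing key that matches the token header
signing_key = jwks_client.get_signing_key_from_jwt(token)
# token is the JWT string to verify; the accepted algorithm is pinned to RS256
payload = jwt.decode(token, signing_key.key, algorithms=["RS256"])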