如何验证由Thinktecture身份服务器发布的JWT令牌?(How to Validate JWT Token issued by Thinktecture identity server?)
有没有办法在OAuth客户端从身份服务器获取JWT令牌时是否可以?
我担心当用户获取access_token并尝试使用base64解码它时,用户可以修改令牌字符串。
我的方案是:我有两个Web门户A和B,他们都集成了Thinktecture身份服务器。 用户A只能通过“角色:portalA”声明访问门户A,但如果用户A尝试登录门户A并获取access_token,则用户A将“role:portalB”添加到access_token中,然后用再次base64。 那么修改过的access_token传递给门户B,我担心用户A可以访问门户B,所以我必须再次检查access_token到身份服务器。 是否有任何方法来验证这个access_token? 或者这种情况不会发生?
Is there any way that when the OAuth client get the JWT token from identity server is OK or not?
I afraid the when user get the access_token and try to use base64 to decode it then users can modify the token string .
My scenario is : I have two web portal A and B both of them integrated the Thinktecture identity server. User A just can access portal A with "role:portalA" claim but couldn't access portal B if user A try to login portal A and get the access_token then user A add the "role:portalB" into the the access_token then encode with base64 again. then the modified access_token pass to the Portal B, I afraid that user A could access portal B. so I have to check the access_token to Identity server again. is that any way to validate this access_token ? or this situation will not be happened?
原文:https://stackoverflow.com/questions/23291730
最满意答案
这应该这样做:
$date = is_array($arr['Date']) ? $arr['Date'][0] : $arr['Date'];
This should do it:
$date = is_array($arr['Date']) ? $arr['Date'][0] : $arr['Date'];
相关问答
更多-
在php数组中使用变量(Use variable in php array)[2022-06-22]
只需删除$id["1"]周围的撇号: $output[$id["1"]] 否则, '$id["1"]'被字面上视为字符串索引。 Just remove the apostrophes around $id["1"]: $output[$id["1"]] Otherwise, the '$id["1"]' is treated literally as a string index. -
不是推荐的做事方式,而是: $arr = array(); for($i=0;$i<5;$i++) { $varName = 'number_'.$i; $arr[] = $$varName; } Not a recomended way of doing things but: $arr = array(); for($i=0;$i<5;$i++) { $varName = 'number_'.$i; $arr[] = $$varName; }
-
数组中的变量(php)(variable in array (php))[2023-09-14]
使用sprintf ,使用%s作为占位符: $game_descr = [ 1 => 'some text1 (%s) some text', // ... ]; $posts = $wpdb->get_results("SELECT ID, post_title, post_content FROM wp_posts WHERE post_status = 'publish'"); foreach ($posts as $p) { $index = mt_rand(1, count($g ... -
echo is_array($ variable); http://us3.php.net/is_array echo is_array($variable); http://us3.php.net/is_array
-
数组到php变量(array to php variable)[2023-10-21]
这应该这样做: $date = is_array($arr['Date']) ? $arr['Date'][0] : $arr['Date']; This should do it: $date = is_array($arr['Date']) ? $arr['Date'][0] : $arr['Date']; -
正如评论中所述: $x = utf8_encode(urldecode($_GET['x'])); 而且你应该/可以使用in_array() if (in_array($x, $y)) { echo "Found!"; } As posted in the comments: $x = utf8_encode(urldecode($_GET['x'])); And also you should/could use in_array() if (in_array($x, $y)) { echo "Fo ...
-
您可以将包含的文件看起来像这样。 'bar']; 然后使用array_push($all, $myVars); 要么 如果您包含的文件看起来像这样。 'bar']; 然后你可以使用array_push($all, include($getVariable . "Array.php")); 无论哪种方式, $all将== [['foo' => 'bar']] You can either have you ...
-
使用变量作为php数组(Use variable as php array)[2022-03-09]
要使数据库得到正确的规范化,您应该以不会将数组存储在数据库中的方式来构建表,而是每个用户都是表中的一行。 然而,要回答你的问题,你需要使用explode()函数。 //$row['usersBought'] = "Darren,Adam,Coral"; <- Example $user = "Darren"; $usersBought = $row['usersBought']; $userArray = explode(",", $usersBought); if (in_array($user, $u ... -
数组内部的PHP变量(PHP Variable inside array)[2022-10-15]
$opts = array( 'page'=>"/subfolder/{$my_var}.php" ); $opts = array( 'page'=>"/subfolder/{$my_var}.php" ); -
php将变量转换为数组(php casting variable to array)[2021-10-18]
如果$var是标量,则记录两行都是相同的: 对于任何类型:整数,浮点数,字符串,布尔值和资源,将值转换为数组会生成一个数组,其中包含索引为零的单个元素以及已转换的标量值。 换句话说, (array)$ scalarValue与数组($ scalarValue)完全相同 。 http://www.php.net/manual/en/language.types.array.php#language.types.array.casting If $var is a scalar, it's documented ...