Classic ASP
Classic ASP
Verify a Google JWT Using Google's Public Key
See more Google APIs Examples
Demonstrates how to verify a JWT that was signed using Google's RSA private key.This example verifies the RSA signature. It also does the following:
- Checks to see if the time constraints ("nbf" and "exp") are valid.
- Recovers the original JOSE header.
- Recovers the original claims JSON.
Chilkat Classic ASP Downloads
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
set http = Server.CreateObject("Chilkat.Http")
set sbPubKeys = Server.CreateObject("Chilkat.StringBuilder")
success = http.QuickGetSb("https://www.googleapis.com/oauth2/v3/certs",sbPubKeys)
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
Response.End
End If
Response.Write "<pre>" & Server.HTMLEncode( sbPubKeys.GetAsString()) & "</pre>"
' Here are the keys:
' {
' "keys": [
' {
' "e": "AQAB",
' "n": "4bAT6C6EeX8Dspje3FrAXw-nnhNk04e1RmNa4kjc0CHf6Pk7ryARlwA-6YilyPABqQfYHx60s8oSnxvUVprFfQ2-Q8aAZO7bPKSxnoGlcKERL2oLNA4Msvc89N9Y5ycThZUplf_QC19e6jyYXN6Nz-UnJSCLrtQY8tVhhVRs61j4A2N_p-enAi-r704Qi1-v-DKV4eVRkClKViploo8NyjUaT9L4vbBssPCjyimJzsWnEe1fED5c4LnHeArYzA_FEn3JJotqDIz9t2VnvZNTMhizHEX4VnORlEWMEfR8n4CEHQx7PcQUOmfqyw08gWeXQl1-uTjtIGaE-sRIv9u_vQ",
' "kty": "RSA",
' "use": "sig",
' "alg": "RS256",
' "kid": "2af90e87be140c20038898a6efa11283dab6031d"
' },
' {
' "n": "nzGsrziOYrMVYMpvUZOwkKNiPWcOPTYRYlDSdRW4UpAHdWPbPlyqaaphYhoMB5DXrVxI3bdvm7DOlo-sHNnulmAFQa-7TsQMxrZCvVdAbyXGID9DZYEqf8mkCV1Ohv7WY5lDUqlybIk1OSHdK7-1et0QS8nn-5LojGg8FK4ssLf3mV1APpujl27D1bDhyRb1MGumXYElwlUms7F9p9OcSp5pTevXCLmXs9MJJk4o9E1zzPpQ9Ko0lH9l_UqFpA7vwQhnw0nbh73rXOX2TUDCUqL4ThKU5Z9Pd-eZCEOatKe0mJTpQ00XGACBME_6ojCdfNIJr84Y_IpGKvkAEksn9w",
' "use": "sig",
' "kid": "87bbe0815b064e6d449cac999f0e50e72a3e4374",
' "e": "AQAB",
' "alg": "RS256",
' "kty": "RSA"
' }
' ]
' }
' -------------------------------------------------------------------------------------------
' Replace this with your actual token.
' This sample token contains a kid that does not match any of the above Google public keys.
' -------------------------------------------------------------------------------------------
token = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyZmY5MGQ3ZDM0OGM5NzM4MWE3YzExOWVmMWY1MzI0ZWEzZjViZWIifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiIxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExIiwiaWF0IjoxNjExMTE1MTQzLCJleHAiOjE2MTEyMDE1NDMsImF1ZCI6IjQyOTc1NzExNTE0ODg0OSJ9.pLem5i0bx3M7lJYj7jKv2Nq7c07X5YpZz-x1uM5RniW-v4LsX-lKIVvOq2x3-WoPqkzLXJfP0kG0dx1uD2q1NfFQK60YwKH4FnFtB6INnUP1dRVpP9_pTTKyAE28I3s5Tay4PbPdrCl7ZLCIJzCfpCW1TiWeVoPjp5HgZKTBHdP_sEkN_yO5dQerQXAkFJkV3kNgF9jI3ayT-KPqOIH6GVoWXjHFDyA2EYgJPEFRo5WSe6XycJ85p5duwT-OoBcb_kJZG9PxYd91eHlPCzp8vGxzIb2dVROCBxyM8e8W0cd9v15hfmpg9R-eG9vCM5y63ZLChZLFeHFx0Pd7hvAqfKg"
set jwt = Server.CreateObject("Chilkat.Jwt")
header = jwt.GetHeader(token)
Response.Write "<pre>" & Server.HTMLEncode( header) & "</pre>"
' Sample header:
' {"alg":"RS256","kid":"87bbe0815b064e6d449cac999f0e50e72a3e4374"}
' Load the public key matching the "kid" into a Chilkat public key object, then verify..
set json = Server.CreateObject("Chilkat.JsonObject")
success = json.Load(header)
kid = json.StringOf("kid")
Response.Write "<pre>" & Server.HTMLEncode( "kid = " & kid) & "</pre>"
set jsonPubKeys = Server.CreateObject("Chilkat.JsonObject")
success = jsonPubKeys.LoadSb(sbPubKeys)
' jsonKey is a Chilkat.JsonObject
Set jsonKey = jsonPubKeys.FindRecord("keys","kid",kid,1)
If (jsonPubKeys.LastMethodSuccess = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( "Did not find a matching public key based on the kid.") & "</pre>"
Response.End
End If
Response.Write "<pre>" & Server.HTMLEncode( jsonKey.Emit()) & "</pre>"
' Load the matching public key into a Chilkat public key object.
set pubKey = Server.CreateObject("Chilkat.PublicKey")
success = pubKey.LoadFromString(jsonKey.Emit())
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( pubKey.LastErrorText) & "</pre>"
Response.End
End If
' ----------------------------------------------------------------------------------------
' Now we can validate the JWT using Google's public key as shown in this example:
' (Except we use the public key obtained as shown above instead of a public key loaded from a PEM file.
'
' See Verify JWT Using an RSA Public Key
%>
</body>
</html>