Visual FoxPro
Visual FoxPro
Verify a Google JWT Using Google's Public Key
See more Google APIs Examples
Demonstrates how to verify a JWT that was signed using Google's RSA private key.This example verifies the RSA signature. It also does the following:
- Checks to see if the time constraints ("nbf" and "exp") are valid.
- Recovers the original JOSE header.
- Recovers the original claims JSON.
Chilkat Visual FoxPro Downloads
LOCAL lnSuccess
LOCAL loHttp
LOCAL loSbPubKeys
LOCAL lcToken
LOCAL loJwt
LOCAL lcHeader
LOCAL loJson
LOCAL lcKid
LOCAL loJsonPubKeys
LOCAL loJsonKey
LOCAL loPubKey
lnSuccess = 0
* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
loHttp = CreateObject('Chilkat.Http')
loSbPubKeys = CreateObject('Chilkat.StringBuilder')
lnSuccess = loHttp.QuickGetSb("https://www.googleapis.com/oauth2/v3/certs",loSbPubKeys)
IF (lnSuccess = 0) THEN
? loHttp.LastErrorText
RELEASE loHttp
RELEASE loSbPubKeys
CANCEL
ENDIF
? loSbPubKeys.GetAsString()
* Here are the keys:
* {
* "keys": [
* {
* "e": "AQAB",
* "n": "4bAT6C6EeX8Dspje3FrAXw-nnhNk04e1RmNa4kjc0CHf6Pk7ryARlwA-6YilyPABqQfYHx60s8oSnxvUVprFfQ2-Q8aAZO7bPKSxnoGlcKERL2oLNA4Msvc89N9Y5ycThZUplf_QC19e6jyYXN6Nz-UnJSCLrtQY8tVhhVRs61j4A2N_p-enAi-r704Qi1-v-DKV4eVRkClKViploo8NyjUaT9L4vbBssPCjyimJzsWnEe1fED5c4LnHeArYzA_FEn3JJotqDIz9t2VnvZNTMhizHEX4VnORlEWMEfR8n4CEHQx7PcQUOmfqyw08gWeXQl1-uTjtIGaE-sRIv9u_vQ",
* "kty": "RSA",
* "use": "sig",
* "alg": "RS256",
* "kid": "2af90e87be140c20038898a6efa11283dab6031d"
* },
* {
* "n": "nzGsrziOYrMVYMpvUZOwkKNiPWcOPTYRYlDSdRW4UpAHdWPbPlyqaaphYhoMB5DXrVxI3bdvm7DOlo-sHNnulmAFQa-7TsQMxrZCvVdAbyXGID9DZYEqf8mkCV1Ohv7WY5lDUqlybIk1OSHdK7-1et0QS8nn-5LojGg8FK4ssLf3mV1APpujl27D1bDhyRb1MGumXYElwlUms7F9p9OcSp5pTevXCLmXs9MJJk4o9E1zzPpQ9Ko0lH9l_UqFpA7vwQhnw0nbh73rXOX2TUDCUqL4ThKU5Z9Pd-eZCEOatKe0mJTpQ00XGACBME_6ojCdfNIJr84Y_IpGKvkAEksn9w",
* "use": "sig",
* "kid": "87bbe0815b064e6d449cac999f0e50e72a3e4374",
* "e": "AQAB",
* "alg": "RS256",
* "kty": "RSA"
* }
* ]
* }
* -------------------------------------------------------------------------------------------
* Replace this with your actual token.
* This sample token contains a kid that does not match any of the above Google public keys.
* -------------------------------------------------------------------------------------------
lcToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyZmY5MGQ3ZDM0OGM5NzM4MWE3YzExOWVmMWY1MzI0ZWEzZjViZWIifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiIxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExIiwiaWF0IjoxNjExMTE1MTQzLCJleHAiOjE2MTEyMDE1NDMsImF1ZCI6IjQyOTc1NzExNTE0ODg0OSJ9.pLem5i0bx3M7lJYj7jKv2Nq7c07X5YpZz-x1uM5RniW-v4LsX-lKIVvOq2x3-WoPqkzLXJfP0kG0dx1uD2q1NfFQK60YwKH4FnFtB6INnUP1dRVpP9_pTTKyAE28I3s5Tay4PbPdrCl7ZLCIJzCfpCW1TiWeVoPjp5HgZKTBHdP_sEkN_yO5dQerQXAkFJkV3kNgF9jI3ayT-KPqOIH6GVoWXjHFDyA2EYgJPEFRo5WSe6XycJ85p5duwT-OoBcb_kJZG9PxYd91eHlPCzp8vGxzIb2dVROCBxyM8e8W0cd9v15hfmpg9R-eG9vCM5y63ZLChZLFeHFx0Pd7hvAqfKg"
loJwt = CreateObject('Chilkat.Jwt')
lcHeader = loJwt.GetHeader(lcToken)
? lcHeader
* Sample header:
* {"alg":"RS256","kid":"87bbe0815b064e6d449cac999f0e50e72a3e4374"}
* Load the public key matching the "kid" into a Chilkat public key object, then verify..
loJson = CreateObject('Chilkat.JsonObject')
loJson.Load(lcHeader)
lcKid = loJson.StringOf("kid")
? "kid = " + lcKid
loJsonPubKeys = CreateObject('Chilkat.JsonObject')
loJsonPubKeys.LoadSb(loSbPubKeys)
loJsonKey = loJsonPubKeys.FindRecord("keys","kid",lcKid,1)
IF (loJsonPubKeys.LastMethodSuccess = 0) THEN
? "Did not find a matching public key based on the kid."
RELEASE loHttp
RELEASE loSbPubKeys
RELEASE loJwt
RELEASE loJson
RELEASE loJsonPubKeys
CANCEL
ENDIF
? loJsonKey.Emit()
* Load the matching public key into a Chilkat public key object.
loPubKey = CreateObject('Chilkat.PublicKey')
lnSuccess = loPubKey.LoadFromString(loJsonKey.Emit())
RELEASE loJsonKey
IF (lnSuccess = 0) THEN
? loPubKey.LastErrorText
RELEASE loHttp
RELEASE loSbPubKeys
RELEASE loJwt
RELEASE loJson
RELEASE loJsonPubKeys
RELEASE loPubKey
CANCEL
ENDIF
* ----------------------------------------------------------------------------------------
* Now we can validate the JWT using Google's public key as shown in this example:
* (Except we use the public key obtained as shown above instead of a public key loaded from a PEM file.
*
* See Verify JWT Using an RSA Public Key
RELEASE loHttp
RELEASE loSbPubKeys
RELEASE loJwt
RELEASE loJson
RELEASE loJsonPubKeys
RELEASE loPubKey