|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Validate a Google ID TokenDemonstrates how to verify the signature of a Google id token.
load ./chilkat.dll # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set http [new_CkHttp] # First get the public key we'll be needing.. set jwkStr [CkHttp_quickGetStr $http "https://www.googleapis.com/oauth2/v3/certs"] if {[CkHttp_get_LastMethodSuccess $http] == 0} then { puts [CkHttp_lastErrorText $http] delete_CkHttp $http exit } # We have the following: # { # "keys": [ # { # "kid": "e8732db06287515556213b80acbcfd08cfb302a9", # "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ", # "kty": "RSA", # "e": "AQAB", # "alg": "RS256", # "use": "sig" # }, # { # "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd", # "e": "AQAB", # "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw", # "alg": "RS256", # "use": "sig", # "kty": "RSA" # } # ] # } set json [new_CkJsonObject] set success [CkJsonObject_Load $json $jwkStr] # ------------------------------------------------- # Load the following.. # { # "access_token": "ya29.a0...0f", # "expires_in": 3599, # "scope": "openid https://www.googleapis.com/auth/userinfo.email", # "token_type": "Bearer", # "id_token": "eyJhb...o5nQ" # } set jsonToken [new_CkJsonObject] set success [CkJsonObject_LoadFile $jsonToken "qa_data/tokens/google_sample_id_token.json"] if {$success == 0} then { puts "Failed to load the JSON file..." delete_CkHttp $http delete_CkJsonObject $json delete_CkJsonObject $jsonToken exit } # Get the id_token; set sbIdToken [new_CkStringBuilder] set success [CkStringBuilder_Append $sbIdToken [CkJsonObject_stringOf $jsonToken "id_token"]] # Get the signature in base64url format. # The header + payload remains in sbIdToken. set sig_b64Url [CkStringBuilder_getAfterFinal $sbIdToken "." 1] set headerPlusPayload [CkStringBuilder_getAsString $sbIdToken] puts "$sig_b64Url" puts "$headerPlusPayload" # --------------------------------------------- # Try validating with each cert's public key. # Hopefully one will be the key that verifies. set rsa [new_CkRsa] CkRsa_put_EncodingMode $rsa "base64url" set numKeys [CkJsonObject_SizeOfArray $json "keys"] set i 0 while {$i < $numKeys} { CkJsonObject_put_I $json $i # jsonKey is a CkJsonObject set jsonKey [CkJsonObject_ObjectOf $json "keys[i]"] set pubKey [new_CkPublicKey] set success [CkPublicKey_LoadFromString $pubKey [CkJsonObject_emit $jsonKey]] if {$success == 0} then { puts [CkPublicKey_lastErrorText $pubKey] delete_CkHttp $http delete_CkJsonObject $json delete_CkJsonObject $jsonToken delete_CkStringBuilder $sbIdToken delete_CkRsa $rsa delete_CkPublicKey $pubKey exit } puts "$i" puts [CkPublicKey_getPem $pubKey 1] delete_CkJsonObject $jsonKey set success [CkRsa_ImportPublicKeyObj $rsa $pubKey] set bVerified [CkRsa_VerifyStringENC $rsa $headerPlusPayload "sha256" $sig_b64Url] puts "bVerified = $bVerified" set i [expr $i + 1] } # The output is: # 0 # -----BEGIN RSA PUBLIC KEY----- # MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw # cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz # 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y # LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm # LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ # 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB # -----END RSA PUBLIC KEY----- # # bVerified = True # 1 # -----BEGIN RSA PUBLIC KEY----- # MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn # IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB # Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8 # E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI # TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg # 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB # -----END RSA PUBLIC KEY----- # # bVerified = False delete_CkHttp $http delete_CkJsonObject $json delete_CkJsonObject $jsonToken delete_CkStringBuilder $sbIdToken delete_CkRsa $rsa delete_CkPublicKey $pubKey |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.