python版:
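# encoding=utf8
import requests
import jwt
import simplejson
from jwt.algorithms import RSAAlgorithm

# Apple's JWKS endpoint: the public keys used to sign identity tokens.
TOKEN_URL = 'https://appleid.apple.com/auth/keys'
# Expected "iss" claim of an identity token issued by Apple.
APPLE_ISSUER = 'https://appleid.apple.com'
# Kept only so existing importers do not break; no longer consulted.
# The key ids published at TOKEN_URL can change, so a fixed list goes stale;
# decode_jwt() selects the key by the "kid" in the token's own header instead.
KIDS = ["86D88Kf", "eXaunmL"]
# Must be set to the app's bundle identifier: it is checked against the
# token's "aud" claim, so a token minted for another app is rejected.
# While this is left empty, no token will pass the audience check.
BUNDLE_ID = ''
# Seconds to wait for the key endpoint, so a stalled connection cannot hang
# the login request indefinitely.
KEY_FETCH_TIMEOUT = 10


def decode_jwt(identityToken):
    """Verify an Apple identity token and return its claims.

    The signing key is looked up in the key set fetched from TOKEN_URL using
    the "kid" from the token header. The header is unverified input, but it
    only selects among keys served by Apple; the signature, expiry, audience
    (BUNDLE_ID) and issuer (APPLE_ISSUER) are all checked by jwt.decode().

    Args:
        identityToken: the compact JWT string received from the client.

    Returns:
        The claims dict when the token verifies, otherwise None (malformed
        token, unknown kid, bad signature, expired, wrong audience or issuer).

    Raises:
        Errors from fetching or parsing the key set propagate to the caller,
        so a failed key fetch never results in an accepted token.

    NOTE(review): if the client sent a nonce with the authorization request,
    the caller should also compare it with the "nonce" claim to bind the
    token to that login attempt.
    """
    try:
        token_kid = jwt.get_unverified_header(identityToken)['kid']
    except (jwt.InvalidTokenError, KeyError):
        # Not a parseable JWT, or no key id: reject before any network call.
        return None

    key_req = requests.get(TOKEN_URL, timeout=KEY_FETCH_TIMEOUT).json()

    for pub_key in key_req['keys']:
        if pub_key['kid'] != token_kid:
            continue
        # from_jwk() is given the JWK as a JSON string.
        key = RSAAlgorithm.from_jwk(simplejson.dumps(pub_key))
        try:
            # The algorithm comes from Apple's key entry, never from the
            # token header, so the token cannot choose how it is verified.
            # Signature verification is PyJWT's default behaviour.
            claims = jwt.decode(
                identityToken,
                key=key,
                algorithms=[pub_key['alg']],
                audience=BUNDLE_ID,
                issuer=APPLE_ISSUER,
            )
        except jwt.InvalidTokenError:
            # Identity tokens expire; an expired or otherwise invalid token
            # fails verification here and is rejected.
            return None
        return claims if claims else None

    # No published key matches the token's kid.
    return None


if __name__ == "__main__":
    import sys

    # Demo entry point: read the identity token from standard input.
    print(decode_jwt(sys.stdin.read().strip()))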