在 python 中仅从 JWT 获取解码的有效负载
问题描述
有没有一种好方法(可能使用一些库)从 JWT 中获取有效负载并保存为字符串变量?除了手动解析第一个和第二个点之间的内容然后解码.
Is there a nice way (using maybe some library) to get only payload from JWT saved as string variable? Other than manually parsing it for content between first and second dots and then decoding.
解决方案
库 PyJWT 有一个选项 无需验证即可解码 JWT:
如果没有此选项,decode
函数不仅会解码令牌,还会验证签名,您必须提供匹配的密钥.这当然是推荐的方式.
但是,如果您出于某种原因只想解码有效负载,请将选项 verify_signature
设置为 false.
Without this option, the decode
function does not only decode the token but also verifies the signature and you would have to provide the matching key. And that's of course the recommended way.
But if you, for whatever reason, just want to decode the payload, set the option verify_signature
to false.
import jwt
key='super-secret'
payload={"id":"1","email":"myemail@gmail.com" }
token = jwt.encode(payload, key)
print (token)
decoded = jwt.decode(token, options={"verify_signature": False}) # works in PyJWT >= v2.0
print (decoded)
print (decoded["email"])
对于 PyJWT
v2.0使用:
For PyJWT < v2.0 use:
decoded = jwt.decode(token, verify=False) # works in PyJWT < v2.0
它返回一个字典,以便您可以单独访问每个值:
It returns a dictionary so that you can access every value individually:
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJlbWFpbCI6Im15ZW1haWxAZ21haWwuY29tIn0.ljEqGNGyR36s21NkSf3nv_II-Ed6fNv_xZL6EdbqPvw'
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJlbWFpbCI6Im15ZW1haWxAZ21haWwuY29tIn0.ljEqGNGyR36s21NkSf3nv_II-Ed6fNv_xZL6EdbqPvw'
{'id': '1', 'email': 'myemail@gmail.com'}
{'id': '1', 'email': 'myemail@gmail.com'}
myemail@gmail.com
myemail@gmail.com
注意:还有其他 JWT 库用于 python,这也可能与其他库.
Note: there are other JWT libs for python as well and this might also be possible with other libs.
相关文章