DataFlex
Verify a Google JWT Using Google's Public Key
Demonstrates how to verify a JWT that was signed using Google's RSA private key. This example verifies the RSA signature. It also does the following:
- Checks to see if the time constraints ("nbf" and "exp") are valid.
- Recovers the original JOSE header.
- Recovers the original claims JSON.
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoHttp
    Variant vSbPubKeys
    Handle hoSbPubKeys
    String sToken
    Handle hoJwt
    String sHeader
    Handle hoJson
    String sKid
    Handle hoJsonPubKeys
    Variant vJsonKey
    Handle hoJsonKey
    Handle hoPubKey
    String sTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbPubKeys
    If (Not(IsComObjectCreated(hoSbPubKeys))) Begin
        Send CreateComObject of hoSbPubKeys
    End

    // Download Google's current public signing keys (a JWK Set) over HTTPS into the StringBuilder.
    Get pvComObject of hoSbPubKeys to vSbPubKeys
    Get ComQuickGetSb Of hoHttp "https://www.googleapis.com/oauth2/v3/certs" vSbPubKeys To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComGetAsString Of hoSbPubKeys To sTemp1
    Showln sTemp1

    // Here are the keys:

    // {
    //   "keys": [
    //     {
    //       "e": "AQAB",
    //       "n": "4bAT6C6EeX8Dspje3FrAXw-nnhNk04e1RmNa4kjc0CHf6Pk7ryARlwA-6YilyPABqQfYHx60s8oSnxvUVprFfQ2-Q8aAZO7bPKSxnoGlcKERL2oLNA4Msvc89N9Y5ycThZUplf_QC19e6jyYXN6Nz-UnJSCLrtQY8tVhhVRs61j4A2N_p-enAi-r704Qi1-v-DKV4eVRkClKViploo8NyjUaT9L4vbBssPCjyimJzsWnEe1fED5c4LnHeArYzA_FEn3JJotqDIz9t2VnvZNTMhizHEX4VnORlEWMEfR8n4CEHQx7PcQUOmfqyw08gWeXQl1-uTjtIGaE-sRIv9u_vQ",
    //       "kty": "RSA",
    //       "use": "sig",
    //       "alg": "RS256",
    //       "kid": "2af90e87be140c20038898a6efa11283dab6031d"
    //     },
    //     {
    //       "n": "nzGsrziOYrMVYMpvUZOwkKNiPWcOPTYRYlDSdRW4UpAHdWPbPlyqaaphYhoMB5DXrVxI3bdvm7DOlo-sHNnulmAFQa-7TsQMxrZCvVdAbyXGID9DZYEqf8mkCV1Ohv7WY5lDUqlybIk1OSHdK7-1et0QS8nn-5LojGg8FK4ssLf3mV1APpujl27D1bDhyRb1MGumXYElwlUms7F9p9OcSp5pTevXCLmXs9MJJk4o9E1zzPpQ9Ko0lH9l_UqFpA7vwQhnw0nbh73rXOX2TUDCUqL4ThKU5Z9Pd-eZCEOatKe0mJTpQ00XGACBME_6ojCdfNIJr84Y_IpGKvkAEksn9w",
    //       "use": "sig",
    //       "kid": "87bbe0815b064e6d449cac999f0e50e72a3e4374",
    //       "e": "AQAB",
    //       "alg": "RS256",
    //       "kty": "RSA"
    //     }
    //   ]
    // }

    // -------------------------------------------------------------------------------------------
    // Replace this with your actual token.
    // This sample token contains a kid that does not match any of the above Google public keys.
    // -------------------------------------------------------------------------------------------
    Move "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyZmY5MGQ3ZDM0OGM5NzM4MWE3YzExOWVmMWY1MzI0ZWEzZjViZWIifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiIxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExIiwiaWF0IjoxNjExMTE1MTQzLCJleHAiOjE2MTEyMDE1NDMsImF1ZCI6IjQyOTc1NzExNTE0ODg0OSJ9.pLem5i0bx3M7lJYj7jKv2Nq7c07X5YpZz-x1uM5RniW-v4LsX-lKIVvOq2x3-WoPqkzLXJfP0kG0dx1uD2q1NfFQK60YwKH4FnFtB6INnUP1dRVpP9_pTTKyAE28I3s5Tay4PbPdrCl7ZLCIJzCfpCW1TiWeVoPjp5HgZKTBHdP_sEkN_yO5dQerQXAkFJkV3kNgF9jI3ayT-KPqOIH6GVoWXjHFDyA2EYgJPEFRo5WSe6XycJ85p5duwT-OoBcb_kJZG9PxYd91eHlPCzp8vGxzIb2dVROCBxyM8e8W0cd9v15hfmpg9R-eG9vCM5y63ZLChZLFeHFx0Pd7hvAqfKg" To sToken

    Get Create (RefClass(cComChilkatJwt)) To hoJwt
    If (Not(IsComObjectCreated(hoJwt))) Begin
        Send CreateComObject of hoJwt
    End

    // Recover the JOSE header. It is still unverified at this point and is read only to learn which key to use.
    Get ComGetHeader Of hoJwt sToken To sHeader
    Showln sHeader

    // Sample header (its kid matches the second key listed above):
    // {"alg":"RS256","kid":"87bbe0815b064e6d449cac999f0e50e72a3e4374"}

    // Load the public key matching the "kid" into a Chilkat public key object, then verify.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    Get ComLoad Of hoJson sHeader To iSuccess
    Get ComStringOf Of hoJson "kid" To sKid
    Showln "kid = " sKid

    Get Create (RefClass(cComChilkatJsonObject)) To hoJsonPubKeys
    If (Not(IsComObjectCreated(hoJsonPubKeys))) Begin
        Send CreateComObject of hoJsonPubKeys
    End

    Get pvComObject of hoSbPubKeys to vSbPubKeys
    Get ComLoadSb Of hoJsonPubKeys vSbPubKeys To iSuccess

    // Find the record in the "keys" array whose "kid" equals the kid from the token header.
    Get ComFindRecord Of hoJsonPubKeys "keys" "kid" sKid True To vJsonKey
    If (IsComObject(vJsonKey)) Begin
        Get Create (RefClass(cComChilkatJsonObject)) To hoJsonKey
        Set pvComObject Of hoJsonKey To vJsonKey
    End
    Get ComLastMethodSuccess Of hoJsonPubKeys To bTemp1
    If (bTemp1 = False) Begin
        Showln "Did not find a matching public key based on the kid."
        Procedure_Return
    End

    Get ComEmit Of hoJsonKey To sTemp1
    Showln sTemp1

    // Load the matching public key into a Chilkat public key object.
    Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
    If (Not(IsComObjectCreated(hoPubKey))) Begin
        Send CreateComObject of hoPubKey
    End

    Get ComEmit Of hoJsonKey To sTemp1
    Get ComLoadFromString Of hoPubKey sTemp1 To iSuccess
    Send Destroy of hoJsonKey
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPubKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // ----------------------------------------------------------------------------------------
    // The steps above only select and load the key. Now we can validate the JWT using
    // Google's public key as shown in the example referenced below
    // (except we use the public key obtained as shown above instead of a public key loaded from a PEM file).
    //
    // See Verify JWT Using an RSA Public Key

End_Procedure
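
The procedure above ends once the key matching the kid is loaded. The Python block below is an added example, not Chilkat's code or code from this page: it carries the same flow through the RS256 signature check and the "nbf"/"exp" checks named in the introduction, and goes beyond the page by pinning the algorithm and checking "iss" and "aud". The names verify_jwt and make_demo, the kid "demo-kid" and the signing key (built from two Mersenne primes, insecure by design) are constructed for the example.

```python
import base64, hashlib, json

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017 9.2
ISSUERS = ("https://accounts.google.com", "accounts.google.com")  # Google's documented iss values

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encode_rs256(msg, k):
    # EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg))
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_jwt(token, jwks, audience, now, leeway=60):
    """Return the claims when every check passes; raise ValueError on a failed check."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64u_dec(h64))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("alg is not the pinned RS256")  # never let the token pick the algorithm
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")
                and j.get("kty") == "RSA" and j.get("use", "sig") == "sig"), None)
    if key is None:
        raise ValueError("no public key matches the kid")
    n, e = (int.from_bytes(b64u_dec(key[f]), "big") for f in ("n", "e"))
    sig, k = b64u_dec(s64), (n.bit_length() + 7) // 8
    s, expected = int.from_bytes(sig, "big"), encode_rs256(f"{h64}.{p64}".encode(), k)
    if len(sig) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != expected:
        raise ValueError("signature does not verify")
    claims = json.loads(b64u_dec(p64))  # read the claims only after the signature holds
    if claims.get("iss") not in ISSUERS or claims.get("aud") != audience:
        raise ValueError("iss or aud mismatch")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp + leeway or now < nbf - leeway:
        raise ValueError("token is outside its nbf/exp window")
    return claims

def make_demo(claims, kid="demo-kid"):  # hypothetical helper: constructed token + JWK Set
    # Constructed key from two Mersenne primes: insecure, for this demo only.
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    h64, p64 = (b64u_enc(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    em = int.from_bytes(encode_rs256(f"{h64}.{p64}".encode(), k), "big")
    sig = b64u_enc(pow(em, d, n).to_bytes(k, "big"))
    jwk = {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
           "n": b64u_enc(n.to_bytes(k, "big")), "e": b64u_enc(e.to_bytes(3, "big"))}
    return f"{h64}.{p64}.{sig}", {"keys": [jwk]}
```

With a real Google token, jwks is the parsed JSON returned by https://www.googleapis.com/oauth2/v3/certs and audience is your own OAuth client ID.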