import time
import jwt  
import requests  
import json 
import base64

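def decode_jwt(jwt_token):
    """Split a compact JWT into its three segments and base64url-decode them.

    Parsing only: no signature, issuer, audience or expiry check happens
    here, so the returned header and payload are untrusted until the token
    has been verified separately against a trusted key.

    Returns a 6-tuple ``(header, payload, sign, h, p, s)``: ``header`` and
    ``payload`` are the parsed JSON objects, ``sign`` is the raw signature
    bytes, and ``h``, ``p``, ``s`` are the original encoded segments.  If the
    input is not a string made of exactly three dot-separated parts, the
    placeholder ``({}, {}, {}, "", "", "")`` is returned.  Invalid base64 or
    JSON inside a segment raises the decoder's own exception.
    """
    try:
        h, p, s = jwt_token.split('.')
    except (AttributeError, TypeError, ValueError):
        # Not a string, or not exactly three segments.  Named exceptions
        # replace the bare ``except`` so KeyboardInterrupt and SystemExit
        # are no longer swallowed here.
        return {}, {}, {}, "", "", ""

    def _b64url(segment):
        # JWT segments drop their '=' padding; restore exactly what is missing.
        return base64.urlsafe_b64decode(segment + '=' * (-len(segment) % 4))

    header = json.loads(_b64url(h))
    payload = json.loads(_b64url(p))
    sign = _b64url(s)
    return header, payload, sign, h, p, s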

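def auth_apple_by_token(client_id,client_secret,code):
    """Exchange an authorization code at Apple's token endpoint.

    Posts ``client_id``, ``client_secret`` and ``code`` with
    ``grant_type=authorization_code`` to
    ``https://appleid.apple.com/auth/token`` and prints the HTTP status.
    On a 200 response the ``id_token`` is split with ``decode_jwt``.
    Returns ``None`` in every case.
    """
    url = "https://appleid.apple.com/auth/token"
    params = {
        'client_id': client_id,
        'client_secret': client_secret,
        'code': code,
        'grant_type': "authorization_code",
    }
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    # Bounded wait so a stalled connection cannot hang the sign-in path.
    r = requests.post(url, data=params, headers=headers, timeout=10)
    print(r.status_code)
    if r.status_code != 200:
        # Only the failure body is shown; it is read as text because an
        # error response is not guaranteed to be JSON.
        print(r.text)
        return
    # The success body carries id_token and access_token.  It is not
    # printed, so bearer credentials stay out of stdout and captured logs.
    rjson = r.json()
    id_token,access_token = rjson['id_token'],rjson['access_token']
    # decode_jwt() only parses; the claims below are unverified and unused
    # here.  Verify the signature, aud, iss and exp before relying on them.
    header,payload,sign,h,p,s = decode_jwt(id_token)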

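def auth_apple_by_keys(id_token, client_id=None):
    """Verify an Apple identity token against Apple's published signing keys.

    Fetches the JWK set from ``https://appleid.apple.com/auth/keys``, picks
    the key whose ``kid`` equals the one in the token header, rebuilds the
    RSA public key from its ``n``/``e`` values and lets PyJWT check the
    RS256 signature, expiry, audience and issuer.

    Args:
        id_token: Compact JWT handed over by the client.
        client_id: Identifier this app is registered under with Apple; it
            is the value the ``aud`` claim is compared with, so pass it on
            every call.  When omitted, the token's own ``aud`` is used,
            which keeps older call sites working but makes the audience
            check vacuous (a token issued to any other app also passes).

    Returns:
        The verified claims dict, or ``None`` if the token is rejected.
        ``valid1`` / ``invalid1`` is printed as before.
    """
    # Header and payload are read before any signature check: they are used
    # only to select a key, never as trusted data.
    header,payload,sign,h,p,s = decode_jwt(id_token)

    url = "https://appleid.apple.com/auth/keys"
    # Bounded wait, and stop on an HTTP error instead of parsing its body.
    r = requests.get(url, timeout=10)
    r.raise_for_status()
    keys = r.json()['keys']

    kid = header.get('kid')
    jwk = None
    for x in keys:
        if x['kid'] == kid:
            jwk = x
            break
    if jwk is None:
        # Fail closed: a token that names no published key is rejected
        # rather than being checked against an arbitrary first key.
        print('invalid1')
        return None

    n_bytes = base64.urlsafe_b64decode(str(jwk['n']) + "===")
    e_bytes = base64.urlsafe_b64decode(str(jwk['e']) + "===")
    # Big-endian bytes -> integer.  bytearray yields ints on Python 2 and 3.
    n,e = 0,0
    for byte in bytearray(e_bytes):
        e = (e << 8) | byte
    for byte in bytearray(n_bytes):
        n = (n << 8) | byte

    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import serialization,hashes
    from cryptography.hazmat.primitives.asymmetric import rsa, padding
    # Build the public key.
    public_key = rsa.RSAPublicNumbers(e, n).public_key(default_backend())
    # Serialise the public key to PEM for PyJWT.
    pem = public_key.public_bytes(serialization.Encoding.PEM,serialization.PublicFormat.SubjectPublicKeyInfo)
    #print(pem)

    expected_aud = client_id
    if expected_aud is None:
        # NOTE(review): legacy path kept for existing one-argument callers.
        # Comparing aud with a value read from the token itself proves
        # nothing; supply client_id to bind the token to this app.
        expected_aud = payload.get('aud')

    try:
        # The algorithm list is pinned to RS256 so the token header cannot
        # choose the verification algorithm.
        decoded = jwt.decode(id_token, key=pem, algorithms=['RS256'],
                             audience=expected_aud,
                             issuer='https://appleid.apple.com')
    except Exception:
        print('invalid1')
        decoded = None
    else:
        print('valid1')

    # Another way to verify.  It covers only the signature and exp, so aud
    # and iss would still have to be compared by hand.
    # hp = h + "." + p
    # now_ts = time.time()
    # try:
    #     public_key.verify(sign,hp,padding.PKCS1v15(),hashes.SHA256())
    #     if now_ts <= payload['exp']:
    #         print 'valid2'
    #     else:
    #         print 'invalid22'
    # except Exception as e:
    #     print 'invalid2',e
    return decoded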


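# Identity token (JWT) received from the client app; left empty in this sample.
token = ""

# Run the check only when executed as a script, so importing this module
# does not trigger a network request.
if __name__ == "__main__":
    auth_apple_by_keys(token)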

相关链接 : https://www.jianshu.com/p/655972b0e7da
