JSX
https://oauth.provider.com/auth?
client_id=YOUR_CLIENT_ID
&response_type=code
&scope=read_profile write_posts JSX
// 1. Генерируем случайное значение state
const state = generateRandomString();
// 2. Сохраняем его локально (например, в сессии)
session.setState(state);
// 3. Добавляем в URL авторизации
const authUrl = `https://oauth.provider.com/auth?
client_id=YOUR_CLIENT_ID
&response_type=code
&state=${state}
&redirect_uri=YOUR_REDIRECT_URI`; JSX
// При получении ответа от OAuth провайдера
function handleCallback(request) {
// Получаем state из ответа
const receivedState = request.query.state;
// Получаем сохранённый state
const savedState = session.getState();
// Сравниваем значения
if (receivedState !== savedState) {
throw new Error('State mismatch - possible CSRF attack');
}
// Продолжаем процесс авторизации
// ...
} Сергей
JSON
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c iat, а также дату истечения срока действия, обозначаемую полем exp. После истечения срока действия токен становится невалидным.PYTHON
import jwt
from cryptography.hazmat.primitives import serialization
# Load the public key
with open("public_key.pem", "rb") as key_file:
public_key = serialization.load_pem_public_key(
key_file.read()
)
# The JWT token received from the client
token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
try:
# Decode and verify the token
payload = jwt.decode(token, public_key, algorithms=["RS256"])
print("Token is valid. Payload:", payload)
except jwt.ExpiredSignatureError:
print("Token has expired")
except jwt.InvalidTokenError:
print("Token is invalid") public_key.pem. В указанном примере он представлен в виде сертификата.JSX
[https://www.notion.so/native/oauth2callback?state=eyJjYWxsYmFja1R5cGUiOiJuYXRpdmVyZWRpcmVjdCIsImVuY3J5cHRlZFRva2VuIjoidjAyOmdddfffZ29vZ2xlOm9ya3Jxdkg5dWF1S1JBX1l5QVVwYzN6NG5YWEZqSmJHT3JSc19kM3RxUHdBa2FDSWtEUURXUGthTFJSbmxwVjhheF9wU3pkX3lCVGFDZjFLUkZzUDhINk96Y2xsbjFaaGZUZEw2ZHpvUHR5REZKZ293VmRubHpXV0o1cUw4TGctSnM2YSJ9&code=4%2F0AVG7fiQbn2fVVpSXlGflu5woXQGjH4_J93SgFRFfMvkc_HSWCSLfgNSmlKHvR1eBvuh2nQ&scope=email profile https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile openid https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=none](https://www.notion.so/native/oauth2callback?state=eyJjYWxsYmFja1R5cGUiOiJuYXRpdmVyZWRpcmVjdCIsImVuY3J5cHRlZFRva2VuIjoidjAyOmxvZ2luX3dpdGhfZ29vZ2xlOm9ya3Jxdkg5dWF1S1JBX1l5QVVwYzN6NG5YWEZqSmJHT3JSc19kM3RxUHdBa2FDSWtEUURXUGthTFJSbmxwVjhheF9wU3pkX3lCVGFDZjFLUkZzUDhINk96Y2xsbjFaaGZUZEw2ZHpvUHR5REZKZ293VmRubHpXV0o1cUw4TGctSnM2YSJ9&code=4%2F0AVG7fiQbn2fVVpSXlGflu5woXQGjH4_J93SgFRFfMvkc_HSWCSLfgNSmlKHvR1eBvuh2nQ&scope=email%20profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20openid%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=none) Сергей