阿里雲遠程證明服務是一個統一的解決方案,用於驗證平台的可信度和在該平台中啟動並執行代碼的完整性。該服務支援對基於可信平台模組TPM(Trusted Platform Module)的平台進行證明,以及對可信加密執行環境TEE(Trusted Execution Environment)的狀態進行證明。本文介紹遠程證明服務的工作原理及如何使用遠程證明服務。
工作原理
阿里雲遠程證明服務以 RFC 9394 - Remote ATtestation procedureS (RATS) Architecture 為基礎,可用於驗證阿里雲安全增強型執行個體的安全狀態和可信性。該服務涉及以下角色:
證明者(Attester):使用阿里雲ECS執行個體的使用者,需要向依賴方證明ECS執行個體的身份及可信度。
依賴方(Relying Party):需要驗證證明者身份及可信度的實體,依賴方會基於TPM、TEE等度量資訊作為基準資料產生評估策略。
驗證方(Verifier):阿里雲遠程證明服務,負責將證據與評估策略進行比較,並得出驗證結果。
典型的使用方法為護照模型(Passport model)和背調模型(Backgroud-Check model),兩者之間的差異如下:
當Attester數量顯著少於Relying Party時護照模式通常有更好的擴充性。
背調模型中Relying party可以隨時聯絡Attestation Service進行遠程證明,通常而言具備更好的安全性。
計費說明
阿里雲遠程證明服務本身不收費。
但您需要對使用遠程證明服務的ECS執行個體進行付費。
遠程證明服務OpenAPI樣本
阿里雲遠程證明服務支援基於vTPM平台模組的可信計算執行個體和基於Intel SGX/TDX/Enclave的機密計算執行個體。
針對vTPM的遠程證明服務,您需要使用阿里雲帳號開通Security Center服務。
針對機密計算執行個體特性Intel SGX/TDX等的遠程證明服務,您可以通過匿名的HTTP方式訪問。
OpenID Connect (OIDC)相關API
阿里雲遠程證明服務提供OIDC標準相容的API,您可以將阿里雲遠程證明服務視為一個標準的identity provider (IdP) 服務。
阿里雲遠程證明服務通過為可信計算執行個體、機密計算執行個體頒發OIDC Token以向依賴方(Relying Party)證明ECS執行個體的身份。
依賴方可以通過OIDC的標準流程驗證OIDC Token的密碼學有效性。
OpenID Connect Discovery
OpenID Connect Discovery(OIDC Discovery)可以簡化和自動化依賴方(Relying Party)與遠程證明服務之間的互動過程。它的主要作用是允許依賴方(Relying Party)通過一個標準化的端點(即.well-known/openid-configuration)動態擷取與身分識別驗證相關的配置資訊,而無需手動設定或寫入程式碼這些資訊。
例如,您可以將阿里雲遠程證明服務配置為阿里雲RAM或AWS IAM的外部identity provider (IdP),以為可信執行個體、機密計算執行個體提供可信身份憑證。
curl https://attest.cn-beijing.aliyuncs.com/.well-known/openid-configuration請求響應樣本:
{
"authorization_endpoint": "https://attest.cn-beijing.aliyuncs.com/authorize",
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://attest.cn-beijing.aliyuncs.com",
"jwks_uri": "https://attest.cn-beijing.aliyuncs.com/jwks.json",
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://attest.cn-beijing.aliyuncs.com/token",
"userinfo_endpoint": "https://attest.cn-beijing.aliyuncs.com/userinfo"
}遠程證明vTPM可信執行個體
更多可信執行個體資訊,請參見可信計算能力概述。
上報證據
請求參數樣本(該介面需鑒權後方可調用,請參考請求結構和簽名機制進行調用):
access https://trusted-server.cn-hangzhou.aliyuncs.com?Action=PutMessage&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-************&FileData=******************請求響應樣本:
{
"PropertyName": "instance-name",
"SystemTrustDetail": {
"pcr3": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr4": "c35cef3b92c3850dc0bfa6139b25dc1c4c3d642b8587bde0fiemd847ufjxxxx",
"pcr5": "aabd7d8c76c931dabed7ea53d1c8f96036c42a29435680ddff3f3148ff70xxxx",
"pcr6": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr0": "d22aa1bba22e829456f0cfda0d87690e6c252032864643da353133f161xxxx",
"pcr1": "d9f056a703f04e4f408445752e97e92c890266d32e2ff1df3e80545aab4fxxxx",
"pcr2": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
"pcr7": "dd794f2d0c4cfa28dc9b5a3266e8516378ba551190d9844c38b890f7ad27xxxx",
"pcr8": "deb301d065009d62980110d8173e350bbd43a4997ad74bf358ce5399c0ecxxxx",
"pcr9": "ffe25e93ac7d245159184ac68c7dd5783e4cea978fafb1ad036bc861a8cdxxxx"
},
"RequestId": "D0E0C1D2-2937-54D4-9C52-XXXXXXXXXXXX",
"SystemExceptionNum": 0,
"ProgramWhiteListId": -1,
"SystemWhiteListId": 1234,
"ProgramTrustStatus": 4,
"SystemTrustStatus": 1,
"GmtModified": 1698975648000,
"ProgramWhiteListName": "",
"GmtRecentReport": 1698975648000,
"OnlineStatus": 1,
"Extensions": {
"pcr5": "d1dac9c104c63c7e24f27962f4ad1df639a3f3224b1a968a45916207cf3xxxx"
},
"PropertyPrivateIp": "1.1.X.X",
"PropertyPublicIp": "1.1.X.X",
"GmtCreate": 1698385542000,
"PropertyUuid": "c13fcabe-6683-4a9f-8cdd-xxxxxxxxxxxx",
"ProgramTrustDetail": "{}",
"ProgramExceptionNum": 0,
"PropertyAffiliation": 1
}查詢證明結果
請求參數樣本:
access https://trusted-server.cn-beijing.aliyuncs.com?Action=DescribeInstance&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-1dc58072****請求響應樣本:
{
"RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****"
"data": {
"nextClientIMAIndex": 0,
"systemVerificationResult": {
"status": 1,
"code": "TrustedStatus"
},
"programVerificationResult": {
"status": 1,
"code": "TrustedStatus"
}
}
}遠程證明SGX/TDX機密執行個體
更多SGX/TDX機密執行個體資訊,請參見構建SGX機密計算環境和構建TDX機密計算環境。
擷取平台TCB資訊
請求參數樣本:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/tcb?fmspc=00606A000000請求響應樣本:
{
"tcbInfo": {
"version": 2,
"issueDate": "2023-10-11T08:09:33Z",
"nextUpdate": "2023-12-18T08:09:33Z",
"fmspc": "00606A000000",
"pceId": "0000",
"tcbType": 0,
"tcbEvaluationDataNumber": 12,
"tcbLevels": [{
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 11
},
"tcbDate": "2021-11-10T00:00:00Z",
"tcbStatus": "UpToDate"
}, {
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 10
},
"tcbDate": "2020-11-11T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"sgxtcbcomp01svn": 4,
"sgxtcbcomp02svn": 4,
"sgxtcbcomp03svn": 3,
"sgxtcbcomp04svn": 3,
"sgxtcbcomp05svn": 255,
"sgxtcbcomp06svn": 255,
"sgxtcbcomp07svn": 0,
"sgxtcbcomp08svn": 0,
"sgxtcbcomp09svn": 0,
"sgxtcbcomp10svn": 0,
"sgxtcbcomp11svn": 0,
"sgxtcbcomp12svn": 0,
"sgxtcbcomp13svn": 0,
"sgxtcbcomp14svn": 0,
"sgxtcbcomp15svn": 0,
"sgxtcbcomp16svn": 0,
"pcesvn": 5
},
"tcbDate": "2018-01-04T00:00:00Z",
"tcbStatus": "OutOfDate"
}]
},
"signature": "21750a9a4173140379971c9eeaeee8dd27364cae4fdc45e19825bcddb0e5942941cb7cad8067aaaa98c75a0a0cfa9de329eb7d875957bd633a248bc328a0xxxx"
}擷取QE身份
請求參數樣本:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qe/identity請求響應樣本:
{
"enclaveIdentity": {
"id": "QE",
"version": 2,
"issueDate": "2023-11-01T14:57:38Z",
"nextUpdate": "2023-12-01T14:57:38Z",
"tcbEvaluationDataNumber": 16,
"miscselect": "00000000",
"miscselectMask": "FFFFFFFF",
"attributes": "11000000000000000000000000000000",
"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
"isvprodid": 1,
"tcbLevels": [{
"tcb": {
"isvsvn": 8
},
"tcbDate": "2023-08-09T00:00:00Z",
"tcbStatus": "UpToDate"
},
{
"tcb": {
"isvsvn": 6
},
"tcbDate": "2021-11-10T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 5
},
"tcbDate": "2020-11-11T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 4
},
"tcbDate": "2019-11-13T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 2
},
"tcbDate": "2019-05-15T00:00:00Z",
"tcbStatus": "OutOfDate"
}, {
"tcb": {
"isvsvn": 1
},
"tcbDate": "2018-08-15T00:00:00Z",
"tcbStatus": "OutOfDate"
}
]
},
"signature": "593f79398d6400e62d14f1066e69e4e5bb44ed7544b18713d8020354e7601481681dc812a124672bfedd0e54ab31179fac442400c011ebca6b00c44d805bxxxx"
}擷取QvE身份
請求參數樣本:
curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qve/identity請求響應樣本:
{
"enclaveIdentity": {
"id": "QVE",
"version": 2,
"issueDate": "2023-11-01T15:45:01Z",
"nextUpdate": "2023-12-01T15:45:01Z",
"tcbEvaluationDataNumber": 16,
"miscselect": "00000000",
"miscselectMask": "FFFFFFFF",
"attributes": "01000000000000000000000000000000",
"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
"isvprodid": 2,
"tcbLevels": [{
"tcb": {
"isvsvn": 3
},
"tcbDate": "2023-08-09T00:00:00Z",
"tcbStatus": "UpToDate"
}]
},
"signature": "251bb1301cb499cb8161a9b885fad8ceeb06b497f1e4a83c8de2d0f2e9e82c3ce0f22ce2ef6c6a789dcc287bb0a1da12a822a465395b54c9046aacfee7ceaff6"
}遠程證明TDX機密虛擬機器執行個體
擷取OIDC Token
發送 TEE Evidence至阿里雲遠程證明服務,阿里雲遠程證明服務基於平台策略完成對Evidence的評估後,返回一個由阿里雲簽發的JSON Web Token(JWT, RFC 7519)。
curl -X POST https://attest.cn-beijing.aliyuncs.com/v1/attestation -d '{
"evidence": "evidencebase64",
"tee": "tdx",
// empty policy_ids means only check the cryptographic integrity of the evidence
"policy_ids": []
}'請求體的內容如下:
Name | Type | Description |
tee | string | TEE類型,支援以下類型:
|
evidence | string | URL SAFE NO PAD的Base64編碼證據。 |
policy_ids (optional) | string[] | 用於檢查證據的策略ID的列表。
|
runtime_data (optional) | json | 運行時資料,可選項。 指定runtime_data時,raw欄位應包含Base64編碼的運行時資料片段,並將其作為預期的運行時資料,與證據內的資料進行核對。 runtime_data樣本: |
響應為符合OIDC標準的JWT,具體響應樣本如下:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ2NTM1NTBjLTU1NTEtNWU2Zi05MmI1LTIyZjUzMDIyOTc1MSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2F0dGVzdC5jbi1iZWlqaW5nLmFsaXl1bmNzLmNvbSIsImN1c3RvbWl6ZWRfY2xhaW1zIjp7ImluaXRfZGF0YSI6bnVsbCwicnVudGltZV9kYXRhIjpudWxsfSwiZWF0X3Byb2ZpbGUiOiJodHRwczovL3d3dy5hbGliYWJhY2xvdWQuY29tL2hlbHAvZW4vZWNzL3VzZXItZ3VpZGUvZWF0LXByb2ZpbGUiLCJldmFsdWF0aW9uLXJlcG9ydHMiOlt7InBvbGljeS1oYXNoIjpudWxsLCJwb2xpY3ktaWQiOiJkZWZhdWx0In1dLCJleHAiOjE3NDMwMDUzNjUsImlhdCI6MTc0Mjk4Mzc2NSwiaXNzIjoiaHR0cHM6Ly9hdHRlc3QuY24tYmVpamluZy5hbGl5dW5jcy5jb20iLCJqdGkiOiIwMzljZGZjOS02ZWMxLTQxZDQtOGRhOC02YTU5NTg0YzJmYTkiLCJuYmYiOjE3NDI5ODM3NjUsInRjYi1zdGF0dXMiOiJ7XCJpbml0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwicmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5tcl9jb25maWdfaWRcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkubXJfb3duZXJfY29uZmlnXCI6XCIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3NlYW1cIjpcIjFjYzZhMTdhYjc5OWU5YTY5M2ZhYzc1MzZiZTYxYzEyZWUxZTBmYWJhZGE4MmQwYzk5OWUwOGNjZWUyYWE4NmRlNzdiMDg3MGY1NThjNTcwZTdmZmU1NWQ2ZDQ3ZmEwNFwiLFwidGR4LnF1b3RlLmJvZHkubXJfc2VydmljZXRkXCI6XCIzODNjODdkM2JiYjA0N2IyZDE3MWVhY2E5NTMxMmVkZTk5ZjI1ODA4OGRjNzg4ZjZhZTJjY2Y4YjZkZDg0OGZlOGQ0NzYyOWUwOGIzZjZjYmQ0YTAwZGQ0N2E1YTAzM2RcIixcInRkeC5xdW90ZS5ib2R5Lm1yX3RkXCI6XCJiMGU1MmM1OTU3NzUyM2IxN2FkNTUzYzZmZmZiMGY1ZjM0OTZkYmYzY2NjYTY5ZmJiMmVhODdjZjRmOTM4MTU3NTUwMDA1YzkyYTk4MTMwZDhkMzA1MDdjYTVjNjUyZGZcIixcInRkeC5xdW90ZS5ib2R5Lm1yc2lnbmVyX3NlYW1cIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkucmVwb3J0X2RhdGFcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzBcIjpcIjIyM2JlNjdmMWRiYzBjMmM2N2JiYWU5MTliMjk1MGY2MGY2OGFhYTlkNjA5NzM5OGFmMmRhZGE2ZDk4Zjk2NGY2YWVjY2U5YjM3NjQzYTc2NzA4ZTA3ZTBkOTUxOWY4NFwiLFwidGR4LnF1b3RlLmJvZHkucnRtcl8xXCI6XCI1YzNjZDMzNjQ4YmQ0N2I4ZDI0MjZlYzQ3NjBlMGYwZGI1MTAzYjk1NmY4ZTAzN2VmMmIxNzkzOWVkMTI1YTI5N2U5NjZmMzExMTJjMDUwYjVhMDliNDQ0ZmI2NDMyZDdcIixcInRkeC5xdW90ZS5ib2R5LnJ0bXJfMlwiOlwiMTA4MzU3YzM5ZThkYzhmMTUwYTMzNzM4NTY3YWY0NTE5MDhmODBkZGZjOGMxNDgwMWZiZDUxM2YzMDdkYTk5MDgyZWEwYWJhOGNjN2UwNDI5NDBmMzEwZTU0YzhhYjEwXCIsXCJ0ZHgucXVvdGUuYm9keS5ydG1yXzNcIjpcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkuc2VhbV9hdHRyaWJ1dGVzXCI6XCIwMDAwMDAwMDAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuYm9keS50Y2Jfc3ZuXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGRfYXR0cmlidXRlc1wiOlwiMDAwMDAwMTAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkudGVlX3RjYl9zdm4yXCI6XCIwNTAxMDYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmJvZHkueGZhbVwiOlwiZTc0MjA2MDAwMDAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci5hdHRfa2V5X3R5cGVcIjpcIjAyMDBcIixcInRkeC5xdW90ZS5oZWFkZXIucmVzZXJ2ZWRcIjpcIjAwMDAwMDAwXCIsXCJ0ZHgucXVvdGUuaGVhZGVyLnRlZV90eXBlXCI6XCI4MTAwMDAwMFwiLFwidGR4LnF1b3RlLmhlYWRlci51c2VyX2RhdGFcIjpcIjJjMzBhZDEyYzAzNzFhMmMyNDlmNGE5MDMwNWMzZjU2MDAwMDAwMDBcIixcInRkeC5xdW90ZS5oZWFkZXIudmVuZG9yX2lkXCI6XCI5MzlhNzIzM2Y3OWM0Y2E5OTQwYTBkYjM5NTdmMDYwN1wiLFwidGR4LnF1b3RlLmhlYWRlci52ZXJzaW9uXCI6XCIwNTAwXCIsXCJ0ZHgucXVvdGUuc2l6ZVwiOlwiODgwMjAwMDBcIixcInRkeC5xdW90ZS50eXBlXCI6XCIwMzAwXCIsXCJ0ZHgudGRfYXR0cmlidXRlcy5kZWJ1Z1wiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMua2V5X2xvY2tlclwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucGVyZm1vblwiOmZhbHNlLFwidGR4LnRkX2F0dHJpYnV0ZXMucHJvdGVjdGlvbl9rZXlzXCI6ZmFsc2UsXCJ0ZHgudGRfYXR0cmlidXRlcy5zZXB0dmVfZGlzYWJsZVwiOnRydWV9IiwidGVlIjoidGR4In0.apt9yyHsJ4WoUwuqw-GivyjM_-W0m3p2p0xavtILExgAnaHMTv7hVvvuyjlnKHmLc8svTPZMAfYvbl0UJTpFkJ5TPQQ0wLijS69bsvG1mG8cltAwzI92BaAV8BdgMxUu9GWGQGaZRyEH-OJdM5HQBmo35YwCVYeNmwVGNdZ2h59D6fHIk1BUkVoPTmk0sE7aSnP_KblkfPL_Vh3ovs9MpAralCv2JO7cMCau0CqSoQTIORjh9i0BBXrt1y8y6gmpjEFDWMsIqW-k8cRhdANk_9CpBCN02jVwQXEHMnk0SAm4BCrCdyteXBNZfpN-3LCXQkkTyUEoaZXGHPm15cTbpg您可以利用JWT Debugger調試器在測試環境中驗證OIDC Token的有效性。關於JWT Claims中的具體內容和解釋,請參見遠程證明服務EAT Profile。