
Signature bytes for Google service accounts authentication

How do I make an authentication request for Google service accounts API REST?

Authentication Docs: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

I'm not sure what the value for the signature is supposed to be.

{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp":1328554385,
"iat":1328550785
}.
[signature bytes]

The docs just say "signature bytes". Where do I get this "signature"?

Header:

{"alg":"RS256","typ":"JWT"}

Claim:

{
  "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
  "scope":"https://www.googleapis.com/auth/devstorage.readonly",
  "aud":"https://www.googleapis.com/oauth2/v4/token",
  "exp":1328554385,
  "iat":1328550785
}

Signature:

{Base64url encoded header}.{Base64url encoded claim set}

The signature appears to just be the header combined with the claim, each separately base64 encoded.

If you take the dump from the example, the signature is not the combination of the JWT header and claim set.

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.
eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ.
ixOUGehweEVX_UKXv5BbbwVEdcz6AYS-6uQV6fGorGKrHf3LIJnyREw9evE-gs2bmMaQI5_UbabvI4k-mQE4kBqtmSpTzxYBL1TCd7Kv5nTZoUC1CmwmWCFqT9RE6D7XSgPUh_jF1qskLa2w0rxMSjwruNKbysgRNctZPln7cqQ

You can use Google OAuth 2.0 endpoints to create web server applications that use OAuth 2.0 authorization access to Google APIs. The OAuth 2.0 server directs the user back to your application along with a single-use authorization code. Your application exchanges this authorization code for an access token.

To make an authentication request in RESTful client server, you have to put a token within the HTTP headers, so that the request is authenticated. This is what OAuth 2.0 does. See RFC 6749.

See this article for some details about RESTful authentication in client-server based on JSON and REST.

Signatures are not required for the actual API calls once the token has been generated. OAuth 2.0 has only one security token and no signature required. Check this Stack Overflow ticket, which discusses signatures: How is OAuth 2 different from OAuth 1?
