[英]Computing the JWT signature for Google OAuth Service Account using erlang?
I have created google service account and have JSON file containing private_key
, client_email
etc.我已经创建了 google 服务帐户并有包含
private_key
、 client_email
等的 JSON 文件。
JWT should be created to get access token . 应该创建 JWT来获取访问令牌。
I have followed following step我遵循了以下步骤
Header computation:标头计算:
Header = jsx:encode(#{<<"alg">> => <<"RS256">>,<<"typ">> => <<"JWT">>}).
Base64Header = base64:encode(Header).
Claims computation:理赔计算:
Claims = jsx:encode(#{
<<"iss">> => <<"google-123@some-test.iam.gserviceaccount.com">>,
<<"scope">> => <<"https://www.googleapis.com/auth/cloud-platform">>,
<<"aud">> => <<"https://www.googleapis.com/oauth2/v4/token">>,
<<"exp">> => 1471629262,
<<"iat">> => 1471627282
}).
Base64Claims = base64:encode(Claims).
Input = {Base64Header}.{Base64Claim}
And, How we can sign the UTF-8 representation of the Input
using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private_key
to compute JWT Signature?而且,我们如何使用 SHA256withRSA(也称为具有 SHA-256 哈希函数的 RSASSA-PKCS1-V1_5-SIGN)和
private_key
对Input
的 UTF-8 表示进行签名以计算 JWT 签名?
There are libraries already built to do this.已经建立了一些库来做到这一点。 One (which I am using) is Erlang JOSE .
一个(我正在使用)是Erlang JOSE 。
%% In OTP 17 or later
Signed = jose_jwt:sign(RSAPrivate, #{ <<"alg">> => <<"RS256">> }, Payload),
{_JWS, Token} = jose_jws:compact(Signed).
请查看https://github.com/kivra/oauth2_client从 1.4.0 版开始,它支持使用服务帐户凭据 JSON 文件进行授权,我使用示例https://github.com创建了一个拉取请求/kivra/oauth2_client/pull/26 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.