如何使用Node.js为Google服务帐户创建JWT？

Question

According to this guide i have successfully create JWT for Google service account using Java example and it's worked. 根据本指南，我已经使用Java示例成功为Google服务帐户创建了JWT，并且可以正常工作。 However, these lines are still "magical" for me: 但是，这些行对我来说仍然“神奇”：

GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();

But i can't repeat it using Node.js. 但是我不能使用Node.js重复它。 Postman says "Could not get any response". 邮递员说“无法得到任何回应”。

Here is my code. 这是我的代码。

const jwt = require('jsonwebtoken');

const TOKEN_DURATION_IN_SECONDS = 3600;

const issueJWT = (
  issuedAt = Math.floor(Date.now() / 1000),
  serviceAccount = require('path/to/service-account.json')
) =>
  jwt.sign(
    {
      'iss': serviceAccount.client_email,
      'sub': serviceAccount.client_email,
      'aud': `https://${SERVICE_NAME}/${API_NAME}`,
      'iat': issuedAt,
      'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
    },
    serviceAccount.private_key,
    {
      algorithm: 'RS256',
      header: {
        'kid': serviceAccount.private_key_id,
        'typ': 'JWT',
        'alg': 'RS256',
      },
    }
  );

Onlinde decoder show same header and body for tokens created using Node.js and Java. Onlinde解码器显示使用Node.js和Java创建的令牌的相同标头和正文。

So, i assume that signatures are different. 因此，我认为签名是不同的。

Via jwt from java: 通过Java的jwt：

curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "instances": [
    ...
  ]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

Via jwt from node.js: 通过node.js的jwt：

curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "error": {
    "code": 401,
    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See     https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

How can i create JWT for Google service account using Node.js? 如何使用Node.js为Google服务帐户创建JWT？

Answer 1

So from the error message it looks like this is not a JWT specific issue. 因此，从错误消息来看，这似乎不是JWT的特定问题。 This Google Groups post shows that the issue is due an incorrect CURL command being used. 此Google网上论坛帖子显示，此问题是由于使用了错误的CURL命令所致。 Check the curl command syntax and access token placement to make sure it is valid. 检查curl命令的语法和访问令牌的位置，以确保其有效。

Answer 2

突然之间，现在无需更改任何代码即可正常工作。

如何使用Node.js为Google服务帐户创建JWT？

问题描述

2 个解决方案

解决方案1
0 2018-07-25 15:06:54

解决方案2
0 2018-09-30 08:42:29

如何使用Node.js为Google服务帐户创建JWT？

问题描述

2 个解决方案

解决方案1 0 2018-07-25 15:06:54

解决方案2 0 2018-09-30 08:42:29

解决方案1
0 2018-07-25 15:06:54

解决方案2
0 2018-09-30 08:42:29