使用自定义身份验证为 Cloud Endpoints 创建不记名令牌
[英]Create bearer token for Cloud Endpoints with custom authentication
问题描述
I'm trying to configure Cloud Endpoints as a front end for GKE.
我正在尝试将 Cloud Endpoints 配置为 GKE 的前端。 As part of such I'm manually trying to create a jwt.作为其中的一部分,我手动尝试创建 jwt。 But when I try to use it as a bearer token I get the following response.但是当我尝试将其用作不记名令牌时,我得到以下响应。
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Type: application/json
Date: Mon, 08 Feb 2021 16:28:06 GMT
Server: nginx
Transfer-Encoding: chunked
WWW-Authenticate: Bearer, error="invalid_token"
{
"code": 16,
"details": [
{
"@type": "type.googleapis.com/google.rpc.DebugInfo",
"detail": "auth",
"stackEntries": []
}
],
"message": "JWT validation failed: Bad JWT format: should have 2 dots"
}
I create a private and public key using openssl我使用 openssl 创建了一个私钥和公钥
openssl genrsa -out jwt-key 4096
openssl rsa -in jwt-key -pubout > jwt-key.pub
Then I use Python to create the JWT itself然后我使用 Python 创建 JWT 本身
import jwt
import datetime
private_key = open('jwt-key').read()
#public_key = open('jwt-key.pub').read()
aud = 'https://echo.api.some.com'
payload = {
'iss': 'iss',
'sub': 'sub',
'aud': aud,
'iat': datetime.datetime.utcnow(),
'exp': datetime.datetime.utcnow() + datetime.timedelta(days=30)
}
token = jwt.encode(payload, private_key, algorithm='RS256')
print(token)
I use the output of the above Python script as argument to my http Authorization header我使用上述 Python 脚本的 output 作为我的 http 授权 Z099FB996346F331E9E749 的参数
Authorization: Bearer $TOKEN
I have also uploaded the public key to a storage bucket and referenced that in my openapi specification but I'm pretty sure that's irrelevant in regards to my error.我还将公钥上传到存储桶并在我的 openapi 规范中引用了它,但我很确定这与我的错误无关。
Any clue about what I'm doing wrong?关于我做错了什么的任何线索?
1 个解决方案
解决方案1
2 已采纳 2021-02-09 05:23:25
Based on your comment and my comments from earlier:根据您的评论和我之前的评论:
The error that says Bad JWT format: should have 2 dots makes it look like the problem might be related to the token string itself.显示Bad JWT format: should have 2 dots使它看起来问题可能与令牌字符串本身有关。 JWT strings should normally have two dots in them, and I think the format generally looks like this: header.payload.verify_signature according to the example on the jwt.io website . JWT strings should normally have two dots in them, and I think the format generally looks like this: header.payload.verify_signature according to the example on the jwt.io website .
If your token string doesn't have two dots in it, perhaps part of the token string is missing and might need to be regenerated using your script.如果您的令牌字符串中没有两个点,则可能缺少部分令牌字符串,并且可能需要使用您的脚本重新生成。
When I tried running your script on my side, I used the PyJWT module for the import jwt part and ran this on Python 3.6.5 on a Linux-based OS.当我尝试在我这边运行您的脚本时,我将PyJWT模块用于import jwt部分,并在基于 Linux 的操作系统上的 Python 3.6.5 上运行它。 After running the openssl commands you listed and then running your script, I ended up with a generated JWT string that has two dots within it.在运行您列出的 openssl 命令并运行您的脚本后,我最终得到了一个生成的 JWT 字符串,其中包含两个点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.