stackoom
  简体   繁体   中英

How to create JWT for Google service account using Node.js?

 原文  2018-05-14 14:25:07       node.js/ google-cloud-platform/ jwt

Question

According to this guide i have successfully create JWT for Google service account using Java example and it's worked. However, these lines are still "magical" for me: 

GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();

But i can't repeat it using Node.js. Postman says "Could not get any response".

Here is my code. 

const jwt = require('jsonwebtoken');

const TOKEN_DURATION_IN_SECONDS = 3600;

const issueJWT = (
  issuedAt = Math.floor(Date.now() / 1000),
  serviceAccount = require('path/to/service-account.json')
) =>
  jwt.sign(
    {
      'iss': serviceAccount.client_email,
      'sub': serviceAccount.client_email,
      'aud': `https://${SERVICE_NAME}/${API_NAME}`,
      'iat': issuedAt,
      'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
    },
    serviceAccount.private_key,
    {
      algorithm: 'RS256',
      header: {
        'kid': serviceAccount.private_key_id,
        'typ': 'JWT',
        'alg': 'RS256',
      },
    }
  );

Onlinde decoder show same header and body for tokens created using Node.js and Java.

So, i assume that signatures are different.

Via jwt from java: 

curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "instances": [
    ...
  ]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

Via jwt from node.js: 

curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "error": {
    "code": 401,
    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See     https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

How can i create JWT for Google service account using Node.js?

2 answers

solution1
 0  2018-07-25 15:06:54

So from the error message it looks like this is not a JWT specific issue. This Google Groups post shows that the issue is due an incorrect CURL command being used. Check the curl command syntax and access token placement to make sure it is valid.

solution2
 0  2018-09-30 08:42:29

突然之间,现在无需更改任何代码即可正常工作。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Create Google Contact with Node.js and Service Account Can't authenticate google service account using Node.js how do you create a google cloud project and service account using node js? How to create a new service using the Google Cloud Run API for node.js? Is a service account the right credentials for querying google bigquery in node.js? Google Authentication with Service Account fails (node.js) Validate Google Identity CredentialResponse JWT using Node.js Google API Drive: Upload files using node.js but, How use the 1TB storage of a workspace account and not the 15GB of service account used to auth? How to Create New Google Spreadsheet Using googleapis in Node.js How to create Google Action using Node.js?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM