stackoom
  简体   繁体   中英

How to generate an Azure SAS token via Javascript (node.js)

 原文  2018-08-07 14:01:27       node.js/ azure/ urlencode/ sha256/ azure-iot-hub

Question

I am trying to generate a valid SAS token (shared access signatures) to connect to the Azure IoT Hub, but I keep getting the error Connection refused: Not authorized when using the token.

I know the way I am connecting is working because when using a SAS token generated with the Microsoft Device Explorer ( https://github.com/Azure/azure-iot-sdk-csharp/tree/master/tools/DeviceExplorer ) it works as expected.

To write the Javascript code I started from this documentation https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1 comparing with some working implementations:

What am I doing wrong in the following Javascript implementation? I think it may be related to the SHA256 signature combined with URL escaping the string but I am not sure how to test/verify this. 

const crypto = require('crypto');

// on the Azure Portal:
// sharedAccessKeyName is the "policy" field
// sharedAccessKeyValue is the "primary key"

const sign = (iotHubName, expirtyDeltaInSecondsFromNow, sharedAccessKeyName, sharedAccessKeyValue) => {
  // URL encode the IoT Hub host
  const encodedSasUrl = encodeURI(`${iotHubName}.azure-devices.net`.toLowerCase());
  // calculate the expiry end datetime as an epoch
  const expiry = parseInt(Date.now() / 1000 + expirtyDeltaInSecondsFromNow);
  // combine the previous two pieces of information
  const stringToSign = `${encodedSasUrl}\n${expiry}`;
  // sign the string using the primary key (sharedAccessKeyValue) and SHA256
  const hmac = crypto.createHmac('sha256', sharedAccessKeyValue);
  hmac.update(stringToSign);
  const hash = hmac.digest('hex');
  // encode the signed hash to base64 (making sure it's URL escaped)
  const encodedSignature = hash.toString('base64');
  // put all together into the SAS token
  const sasToken = `SharedAccessSignature sig=${encodedSignature}&se=${expiry}&skn=${sharedAccessKeyName}&sr=${encodedSasUrl}`;
  console.log("sasToken:", sasToken);
  return sasToken;
}

1 answers

solution1
 1 ACCPTED  2018-08-08 03:43:47

Here is an example of generating SAS token via node.js. 

var generateSasToken = function(resourceUri, signingKey, policyName, expiresInMins) {
    resourceUri = encodeURIComponent(resourceUri);

    // Set expiration in seconds
    var expires = (Date.now() / 1000) + expiresInMins * 60;
    expires = Math.ceil(expires);
    var toSign = resourceUri + '\n' + expires;

    // Use crypto
    var hmac = crypto.createHmac('sha256', new Buffer(signingKey, 'base64'));
    hmac.update(toSign);
    var base64UriEncoded = encodeURIComponent(hmac.digest('base64'));

    // Construct autorization string
    var token = "SharedAccessSignature sr=" + resourceUri + "&sig="
    + base64UriEncoded + "&se=" + expires;
    if (policyName) token += "&skn="+policyName;
    return token;
};

What am I doing wrong in the following Javascript implementation?

I am not an expert on javascript(node.js). Maybe you can figure it out via comparing above code and yours.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Node.js reading a blob with azure and creating a SAS token How do I form an SAS token for Microsoft Azure API Management's REST API in Node.js? Azure ServiceBus SAS in Node.js SDK How to generate Account SAS token for Azure Storage? node.js apn Failed to generate token generate password reset token in node.js Download blob using url of the blob and sas token in node.js How to generate HTML with javascript on the server side (Node.js)? How to generate an MD5 file hash in JavaScript/Node.js? How to connect to an Azure Service Bus subscription with the Node.js SDK using SAS Keys?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM