如何使用Node.js为Google服务帐户创建JWT?
[英]How to create JWT for Google service account using Node.js?
问题描述
根据本指南,我已经使用Java示例成功为Google服务帐户创建了JWT,并且可以正常工作。 但是,这些行对我来说仍然“神奇”:
GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();
但是我不能使用Node.js重复它。 邮递员说“无法得到任何回应”。
这是我的代码。
const jwt = require('jsonwebtoken');
const TOKEN_DURATION_IN_SECONDS = 3600;
const issueJWT = (
issuedAt = Math.floor(Date.now() / 1000),
serviceAccount = require('path/to/service-account.json')
) =>
jwt.sign(
{
'iss': serviceAccount.client_email,
'sub': serviceAccount.client_email,
'aud': `https://${SERVICE_NAME}/${API_NAME}`,
'iat': issuedAt,
'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
},
serviceAccount.private_key,
{
algorithm: 'RS256',
header: {
'kid': serviceAccount.private_key_id,
'typ': 'JWT',
'alg': 'RS256',
},
}
);
Onlinde解码器显示使用Node.js和Java创建的令牌的相同标头和正文。
因此,我认为签名是不同的。
通过Java的jwt:
curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"instances": [
...
]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
通过node.js的jwt:
curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
如何使用Node.js为Google服务帐户创建JWT?
2 个解决方案
解决方案1
0 2018-07-25 15:06:54
因此,从错误消息来看,这似乎不是JWT的特定问题。 此Google网上论坛帖子显示,此问题是由于使用了错误的CURL命令所致。 检查curl命令的语法和访问令牌的位置,以确保其有效。
解决方案2
0 2018-09-30 08:42:29
突然之间,现在无需更改任何代码即可正常工作。
你如何使用 node js 创建一个谷歌云项目和服务帐户?
[英]how do you create a google cloud project and service account using node js?
如何使用 Google Cloud Run API 为 node.js 创建新服务?
[英]How to create a new service using the Google Cloud Run API for node.js?
服务帐户是在node.js中查询Google bigquery的正确凭据吗?
[英]Is a service account the right credentials for querying google bigquery in node.js?
使用 Node.js 验证 Google Identity CredentialResponse JWT
[英]Validate Google Identity CredentialResponse JWT using Node.js
Google API 驱动器:使用 node.js 上传文件但是,如何使用工作区帐户的 1TB 存储空间而不是用于授权的 15GB 服务帐户存储空间?
[英]Google API Drive: Upload files using node.js but, How use the 1TB storage of a workspace account and not the 15GB of service account used to auth?
如何在 Node.js 中使用 googleapis 创建新的 Google 电子表格
[英]How to Create New Google Spreadsheet Using googleapis in Node.js
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
使用 Node.js 和服务帐户创建 Google 联系人
无法使用 Node.js 验证谷歌服务帐户
你如何使用 node js 创建一个谷歌云项目和服务帐户?
如何使用 Google Cloud Run API 为 node.js 创建新服务?
服务帐户是在node.js中查询Google bigquery的正确凭据吗?
使用服务帐户的Google身份验证失败(node.js)
使用 Node.js 验证 Google Identity CredentialResponse JWT
Google API 驱动器:使用 node.js 上传文件但是,如何使用工作区帐户的 1TB 存储空间而不是用于授权的 15GB 服务帐户存储空间?
如何在 Node.js 中使用 googleapis 创建新的 Google 电子表格
如何使用 Node.js 创建 Google Action?
相关标签