JWT signature for both node.js and browsers
I want to verify Salesforce's OAuth 2.0 JWT bearer flow using node.js and the browser.
I created a public key and a private key on Windows using the following command.
openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout salesforce.key -out salesforce.crt
I tried JWT signing using panva/jose
with the following TypeScript code.
    import { SignJWT } from "jose";
    import serverKey from "../../../credential/salesforce.key?raw";

    export async function jwtSign() {
      const assertion = await new SignJWT({ prn: import.meta.env.VITE_SF_MAIL })
        .setProtectedHeader({ alg: 'RS256' })
        .setIssuer(import.meta.env.VITE_SF_CLIENT_ID)
        .setAudience(import.meta.env.VITE_SF_AUDIENCE)
        .setExpirationTime('15h')
        .sign(new TextEncoder().encode(serverKey));
      return assertion;
    }
But I get the following error.
Key must be one of type KeyObject or CryptoKey. Received an instance of Uint8Array
TypeError: Key must be one of type KeyObject or CryptoKey. Received an instance of Uint8Array
at asymmetricTypeCheck (D:\repository\PROJECT\node_modules\jose\dist\node\cjs\lib\check_key_type.js:17:15)
at checkKeyType (D:\repository\PROJECT\node_modules\jose\dist\node\cjs\lib\check_key_type.js:44:9)
at FlattenedSign.sign (D:\repository\PROJECT\node_modules\jose\dist\node\cjs\jws\flattened\sign.js:55:41)
at CompactSign.sign (D:\repository\PROJECT\node_modules\jose\dist\node\cjs\jws\compact\sign.js:14:43)
at SignJWT.sign (D:\repository\PROJECT\node_modules\jose\dist\node\cjs\jwt\sign.js:22:20)
at Module.jwtSign (D:/repository/PROJECT/src/lib/app/service/func.ts:10:9)
at load (D:/repository/PROJECT/src/routes/+page.server.ts:8:10)
at load_server_data (file:///D:/repository/PROJECT/node_modules/@sveltejs/kit/src/runtime/server/page/load_data.js:32:41)
at file:///D:/repository/PROJECT/node_modules/@sveltejs/kit/src/runtime/server/page/index.js:168:19
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
How can I resolve this error?
Or is there another way to implement it?
Replace new TextEncoder().encode(serverKey) with await importPKCS8(serverKey, 'RS256').
importPKCS8 (docs) is a function for importing an asymmetric private key in PKCS8 format.
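An added example, not part of the original answer and not jose's own code: the same kind of PKCS#8 import step written directly against WebCrypto, which is available in both Node.js and browsers, followed by RS256 signing and a signature check with the public key. The key pairs, claim values and helper names (`importPkcs8Pem`, `signRs256`, `verifyRs256`, `demo`) are constructed for illustration.

```javascript
// Added example (not from the thread): WebCrypto only, constructed keys and claims.
// WebCrypto is a global in browsers and Node 19+; older Node exposes it via node:crypto.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const RS256 = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };
const utf8 = (text) => new TextEncoder().encode(text);
const toB64 = (bytes) => btoa(String.fromCharCode(...new Uint8Array(bytes)));
const fromB64 = (b64) => Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
const b64url = (bytes) => toB64(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// PEM is base64 text wrapped in armor lines; the key itself is the decoded DER.
const pemToDer = (pem) =>
  fromB64(pem.replace(/-----(BEGIN|END) PRIVATE KEY-----/g, "").replace(/\s+/g, ""));

// Parse PKCS#8 PEM text into a non-extractable CryptoKey usable only for signing.
const importPkcs8Pem = (pem) => subtle.importKey("pkcs8", pemToDer(pem), RS256, false, ["sign"]);

async function signRs256(claims, privateKey) {
  const header = b64url(utf8(JSON.stringify({ alg: "RS256", typ: "JWT" })));
  const signingInput = header + "." + b64url(utf8(JSON.stringify(claims)));
  const signature = await subtle.sign(RS256, privateKey, utf8(signingInput));
  return signingInput + "." + b64url(signature);
}

// True only when publicKey is the counterpart of the key that signed the token.
async function verifyRs256(jwt, publicKey) {
  const [header, payload, sig] = jwt.split(".");
  const sigBytes = fromB64(sig.replace(/-/g, "+").replace(/_/g, "/"));
  return subtle.verify(RS256, publicKey, sigBytes, utf8(header + "." + payload));
}

async function demo() {
  const rsa = { ...RS256, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
  const pair = await subtle.generateKey(rsa, true, ["sign", "verify"]); // stands in for salesforce.key
  const other = await subtle.generateKey(rsa, true, ["sign", "verify"]); // unrelated key pair
  const der = await subtle.exportKey("pkcs8", pair.privateKey);
  const pem = "-----BEGIN PRIVATE KEY-----\n" + toB64(der).match(/.{1,64}/g).join("\n") +
    "\n-----END PRIVATE KEY-----\n";
  const claims = { iss: "CONSTRUCTED_CLIENT_ID", prn: "user@example.test",
    aud: "https://login.example.test", exp: Math.floor(Date.now() / 1000) + 180 };
  const jwt = await signRs256(claims, await importPkcs8Pem(pem));
  return {
    segments: jwt.split(".").length,
    verifiesWithMatchingKey: await verifyRs256(jwt, pair.publicKey),
    verifiesWithOtherKey: await verifyRs256(jwt, other.publicKey),
    // The question's mistake: UTF-8 bytes of the PEM text are not a DER-encoded key.
    rawPemBytesImport: await subtle.importKey("pkcs8", utf8(pem), RS256, false, ["sign"])
      .then(() => "accepted", () => "rejected"),
  };
}
```

Calling `demo()` resolves to an object showing that the token verifies only against the public half of the key that signed it, and that the raw PEM bytes are rejected as a key.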
I'm working on a similar function in a project. I found that, as Filip Skokan said, it works using await importPKCS8(serverKey, 'RS256'), but even when I got a token, I check it in JWT.io and get "Invalid Signature". What could be the reason for this? Filip Skokan, could you share how to implement the Salesforce JWT OAuth 2.0 bearer flow, or share some resources where we can see it step by step?
Thanks in advance.