[英]How to create JWT for Google service account using Node.js?
根據本指南,我已經使用Java示例成功為Google服務帳戶創建了JWT,並且可以正常工作。 但是,這些行對我來說仍然“神奇”:
GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();
但是我不能使用Node.js重復它。 郵遞員說“無法得到任何回應”。
這是我的代碼。
const jwt = require('jsonwebtoken');
const TOKEN_DURATION_IN_SECONDS = 3600;
const issueJWT = (
issuedAt = Math.floor(Date.now() / 1000),
serviceAccount = require('path/to/service-account.json')
) =>
jwt.sign(
{
'iss': serviceAccount.client_email,
'sub': serviceAccount.client_email,
'aud': `https://${SERVICE_NAME}/${API_NAME}`,
'iat': issuedAt,
'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
},
serviceAccount.private_key,
{
algorithm: 'RS256',
header: {
'kid': serviceAccount.private_key_id,
'typ': 'JWT',
'alg': 'RS256',
},
}
);
Onlinde解碼器顯示使用Node.js和Java創建的令牌的相同標頭和正文。
因此,我認為簽名是不同的。
通過Java的jwt:
curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"instances": [
...
]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
通過node.js的jwt:
curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
如何使用Node.js為Google服務帳戶創建JWT?
因此,從錯誤消息來看,這似乎不是JWT的特定問題。 此Google網上論壇帖子顯示,此問題是由於使用了錯誤的CURL命令所致。 檢查curl命令的語法和訪問令牌的位置,以確保其有效。
突然之間,現在無需更改任何代碼即可正常工作。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.