如何使用Node.js為Google服務帳戶創建JWT?
[英]How to create JWT for Google service account using Node.js?
問題描述
根據本指南,我已經使用Java示例成功為Google服務帳戶創建了JWT,並且可以正常工作。 但是,這些行對我來說仍然“神奇”:
GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();
但是我不能使用Node.js重復它。 郵遞員說“無法得到任何回應”。
這是我的代碼。
const jwt = require('jsonwebtoken');
const TOKEN_DURATION_IN_SECONDS = 3600;
const issueJWT = (
issuedAt = Math.floor(Date.now() / 1000),
serviceAccount = require('path/to/service-account.json')
) =>
jwt.sign(
{
'iss': serviceAccount.client_email,
'sub': serviceAccount.client_email,
'aud': `https://${SERVICE_NAME}/${API_NAME}`,
'iat': issuedAt,
'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
},
serviceAccount.private_key,
{
algorithm: 'RS256',
header: {
'kid': serviceAccount.private_key_id,
'typ': 'JWT',
'alg': 'RS256',
},
}
);
Onlinde解碼器顯示使用Node.js和Java創建的令牌的相同標頭和正文。
因此,我認為簽名是不同的。
通過Java的jwt:
curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"instances": [
...
]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
通過node.js的jwt:
curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
如何使用Node.js為Google服務帳戶創建JWT?
2 個解決方案
解決方案1
0 2018-07-25 15:06:54
因此,從錯誤消息來看,這似乎不是JWT的特定問題。 此Google網上論壇帖子顯示,此問題是由於使用了錯誤的CURL命令所致。 檢查curl命令的語法和訪問令牌的位置,以確保其有效。
解決方案2
0 2018-09-30 08:42:29
突然之間,現在無需更改任何代碼即可正常工作。
你如何使用 node js 創建一個谷歌雲項目和服務帳戶?
[英]how do you create a google cloud project and service account using node js?
如何使用 Google Cloud Run API 為 node.js 創建新服務?
[英]How to create a new service using the Google Cloud Run API for node.js?
服務帳戶是在node.js中查詢Google bigquery的正確憑據嗎?
[英]Is a service account the right credentials for querying google bigquery in node.js?
使用 Node.js 驗證 Google Identity CredentialResponse JWT
[英]Validate Google Identity CredentialResponse JWT using Node.js
Google API 驅動器:使用 node.js 上傳文件但是,如何使用工作區帳戶的 1TB 存儲空間而不是用於授權的 15GB 服務帳戶存儲空間?
[英]Google API Drive: Upload files using node.js but, How use the 1TB storage of a workspace account and not the 15GB of service account used to auth?
如何在 Node.js 中使用 googleapis 創建新的 Google 電子表格
[英]How to Create New Google Spreadsheet Using googleapis in Node.js
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
使用 Node.js 和服務帳戶創建 Google 聯系人
無法使用 Node.js 驗證谷歌服務帳戶
你如何使用 node js 創建一個谷歌雲項目和服務帳戶?
如何使用 Google Cloud Run API 為 node.js 創建新服務?
服務帳戶是在node.js中查詢Google bigquery的正確憑據嗎?
使用服務帳戶的Google身份驗證失敗(node.js)
使用 Node.js 驗證 Google Identity CredentialResponse JWT
Google API 驅動器:使用 node.js 上傳文件但是,如何使用工作區帳戶的 1TB 存儲空間而不是用於授權的 15GB 服務帳戶存儲空間?
如何在 Node.js 中使用 googleapis 創建新的 Google 電子表格
如何使用 Node.js 創建 Google Action?
相關標簽