# Base64-encode the JWT header and claim set.
jwt1=$(echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e)
jwt2=$(echo -n '{
"iss":"...@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore",
"aud":"https://accounts.google.com/o/oauth2/token",
"exp":'$(($(date +%s)+3600))',
"iat":'$(date +%s)'}' | openssl base64 -e)
# Join header and claims, then convert to unpadded base64url (the signing input).
jwt3=$(echo -n "$jwt1.$jwt2" | tr -d '\n' | tr -d '=' | tr '/+' '_-')
# Sign the input with RSA-SHA256 and base64url-encode the signature.
jwt4=$(echo -n "$jwt3" | openssl dgst -sha256 -sign google.p12 | openssl base64 -e)
jwt5=$(echo -n "$jwt4" | tr -d '\n' | tr -d '=' | tr '/+' '_-')
# Exchange the signed assertion for an access token.
curl -H "Content-type: application/x-www-form-urlencoded" -X POST "https://accounts.google.com/o/oauth2/token" -d \
"grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=$jwt3.$jwt5"
I successfully receive a token, but when I use it I get permission denied?
When I copy the OAuth2 token from https://developers.google.com/datastore/docs/apis/v1beta1/datasets/blindWrite#try-it it works?
curl -X GET "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$1"
curl -X GET "https://www.googleapis.com/oauth2/v2/userinfo?access_token=$1"
curl -H "Content-type: application/json" -H "Authorization: Bearer $1" -X POST "https://www.googleapis.com/datastore/v1beta1/datasets/.../blindWrite" -d \
'{
"mutation": {
"upsert": [
{
"key": {
"path": [
{
"kind": "person",
"name": "gert"
}
]
}
}
]
}
}'
Difference between the 2 tokens:
1) From the JWT (permission denied)
{
"issued_to": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg.apps.googleusercontent.com",
"audience": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore",
"expires_in": 3588,
"email": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg@developer.gserviceaccount.com",
"verified_email": true,
"access_type": "offline"
}
{
"email": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg@developer.gserviceaccount.com",
"verified_email": true
}
2) From https://developers.google.com/datastore/docs/apis/v1beta1/datasets/blindWrite#try-it (works)
{
"issued_to": "292824132082.apps.googleusercontent.com",
"audience": "292824132082.apps.googleusercontent.com",
"user_id": "116469479527388802962",
"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/plus.me",
"expires_in": 3568,
"email": "gert.cuykens@gmail.com",
"verified_email": true,
"access_type": "online"
}
{
"id": "116469479527388802962",
"email": "gert.cuykens@gmail.com",
"verified_email": true
}
What is wrong with the token I received from my JWT? How do I get the JWT to work?
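An added example, not part of the original question or answer: a Python comparison of two tokeninfo responses like the ones in the question, showing that both carry the datastore scope and that the difference lies in the calling identity and client. The sample responses are constructed with placeholder identifiers, and `summarize` and `diagnose` are hypothetical helper names.

```python
import json
import re

DATASTORE_SCOPE = "https://www.googleapis.com/auth/datastore"

# Constructed tokeninfo responses shaped like the two in the question
# (all identifiers are placeholders).
DENIED = json.loads("""{
  "issued_to": "111111111111-abc.apps.googleusercontent.com",
  "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore",
  "email": "111111111111-abc@developer.gserviceaccount.com",
  "access_type": "offline"
}""")
WORKING = json.loads("""{
  "issued_to": "222222222222.apps.googleusercontent.com",
  "user_id": "100000000000000000000",
  "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/plus.me",
  "email": "user@example.com",
  "access_type": "online"
}""")


def summarize(info):
    """Reduce a tokeninfo response to the fields that identify the caller."""
    email = info.get("email", "")
    # Heuristic (assumption): service-account addresses end in gserviceaccount.com.
    is_sa = email.endswith("gserviceaccount.com")
    # Leading digits of the client ID, used here only to tell clients apart.
    prefix = re.match(r"\d+", info.get("issued_to", ""))
    return {
        "principal": "service_account" if is_sa else "user",
        "client_prefix": prefix.group(0) if prefix else None,
        "scopes": set(info.get("scope", "").split()),
    }


def diagnose(denied, working, required_scope=DATASTORE_SCOPE):
    """Compare a rejected token with an accepted one for the same API call."""
    d, w = summarize(denied), summarize(working)
    return {
        "scope_in_both": required_scope in d["scopes"] and required_scope in w["scopes"],
        "same_client": d["client_prefix"] == w["client_prefix"],
        "denied_principal": d["principal"],
        "working_principal": w["principal"],
    }


if __name__ == "__main__":
    print(diagnose(DENIED, WORKING))
```

When `scope_in_both` is true and the principals differ, the rejection is an authorization decision about the identity behind the token rather than a malformed or under-scoped token.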
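Answer 0 (score: 1)
To configure a service account correctly for use with your Cloud Datastore instance, you must create the service account using the Cloud Console, as described in the documentation.
Alternatively, if you really want to use a service account created with the Google API Console, you can do the following: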