如何使用JWT for Google firebase生成身份验证令牌?

时间:2017-09-25 00:50:57

标签: swift firebase oauth jwt vapor

所以我试图authenticate the Firebase REST API. 我使用Vapor framework作为服务器端swift,我安装了JWT package

我试图使用from bs4 import BeautifulSoup文件和JWT中的数据来生成身份验证令牌。

以下是我尝试过的代码:

serviceAccountKey.json

serviceAccountKey.json 

let payload = try JSON(node: [
        "iat": Date().timeIntervalSince1970,
        "exp": Date().timeIntervalSince1970 + 3600,
        "iss": "client_email from serviceAccountKey.json",
        "aud": "https://accounts.google.com/o/oauth2/token",
        "scope": [
            "https://www.googleapis.com/auth/firebase.database",
            "https://www.googleapis.com/auth/userinfo.email"
        ]
    ])
    let privateKey = "copied from serviceAccountKey.json"

    let signer = try HS256(bytes: privateKey.bytes)

    let jwt = try JWT(payload: payload, signer: signer)
    let token = try jwt.createToken()
    print(token)

2 个答案:

答案 0 :(得分:4)

此时我正在使用Xcode 8.3.3。 Package.swift包含:

let package = Package(
name: "StripePayment",
dependencies: [
    .Package(url: "https://github.com/vapor/vapor.git", majorVersion: 1, minor: 5),
    .Package(url:"https://github.com/vapor/jwt.git", majorVersion: 0,minor: 8),
     .Package(url: "https://github.com/SwiftyJSON/SwiftyJSON.git", versions: Version(1, 0, 0)..<Version(3, .max, .max))

],
exclude: [
    "Config",
    "Database",
    "Localization",
    "Public",
    "Resources",
    "Tests",
]
)

如果您生成服务帐户凭据,则需要记住以下内容,取自https://cloud.google.com/storage/docs/authentication:您可以通过为服务帐户创建OAuth客户端ID,在Cloud Platform控制台中创建私钥。您可以使用JSON和PKCS12格式获取私钥:

如果您在Google Cloud Platform之外的生产环境中使用his answer,则需要JSON密钥。 JSON密钥无法转换为其他格式。许多不同的编程语言和库都支持PKCS12(.p12)。如果需要,您可以使用OpenSSL(Application Default Credentials)将密钥转换为其他格式。但是,PKCS12密钥无法转换为JSON格式。

注意:您需要在console.cloud.google.com上生成服务帐户。请按照下面列出的步骤1 ... 6进行操作。

  1. 转到see Converting the private key to other formats,单击您的项目,在“概述”旁边单击“轮子设置”,单击“服务帐户”,滚动到页面底部,然后单击“生成新私钥”。

  2. 使用OpenSSL将p.12(a.k.a pkcs12)文件转换为.pem(a.k.a pkcs1)

    cat /path/to/xxxx-privatekey.p12 | openssl pkcs12 -nodes -nocerts -passin pass:notasecret | openssl rsa > /path/to/secret.pem

  3. 转到github并搜索https://console.firebase.google.com并将其导入Xcode。它将帮助您创建签名的JSON Web令牌。

  4. 在这个github页面上,您将学习如何提取私钥以供RSA使用。

  5. 将.pem转换为der openssl rsa -in /path/to/secret.pem -outform der -out /path/to/private.der

  6. 将.der转换为.base64
    openssl base64 -in /path/to/private.der -out /path/to/Desktop/private.txt
    在private.txt中,您拥有在base64中编码的私钥,您最终可以使用它来签署您的JWT。然后,您可以使用已签名的JWT拨打Google API。

    7. ``

     import Vapor
 import VaporJWT

 let drop = Droplet()
 var tokenID:String!

 //set current date
 let dateNow = Date()

 // assign to expDate the validity period of the token returned by OAuth server (3600 seconds)
 var expDate = String(Int(dateNow.timeIntervalSince1970 + (60 * 60)))

// assign to iatDate the time when the call was made to request an access token
 var iatDate = String(Int(dateNow.timeIntervalSince1970))

// the header of the JSON Web Token (first part of the JWT)
 let headerJWT = ["alg":"RS256","typ":"JWT"]

 // the claim set of the JSON Web Token
 let jwtClaimSet =
   ["iss":"firebase-adminsdk-c7i38@fir-30c9e.iam.gserviceaccount.com",
     "scope":"https://www.googleapis.com/auth/firebase.database",
     "aud":"https://www.googleapis.com/oauth2/v4/token",
     "exp": expDate,
     "iat": iatDate]


 //Using VaporJWT construct a JSON Web Token and sign it with RS256 algorithm
 //The only signing algorithm supported by the Google OAuth 2.0 Authorization     
 //Server is RSA using SHA-256 hashing algorithm.

  let jwt = try JWT(headers: Node(node: headerJWT), payload: Node(node:jwtClaimSet), encoding: Base64URLEncoding(), signer: RS256(encodedKey: "copy paste here what you have in private.txt as explained at point 7 above "))

 // create the JSON Web Token
  let JWTtoken = try jwt.createToken()
 let grant_type = "urn:ietf:params:oauth:grant-type:jwt-bearer" // this value must not be changed
   let unreserved = "*-._"
   let allowed = NSMutableCharacterSet.alphanumeric()
    allowed.addCharacters(in: unreserved)

// percent or URL encode grant_type
 let grant_URLEncoded = grant_type.addingPercentEncoding(withAllowedCharacters: allowed as CharacterSet)

 // create a string made of grant_type and assertion. NOTE!!! only grant_type's value is URL encoded.
 //JSON Web Token value does not need to be URL encoded
   var fullString = "grant_type=\(grant_URLEncoded!)&assertion=\(JWTtoken)"


  //pass fullString in the body parameter
   drop.get("call") { request in


    let response =  try drop.client.post("https://www.googleapis.com/oauth2/v4/token", headers: ["Content-Type": "application/x-www-form-urlencoded"], query: [:],body: fullString)

   let serverResp = response.headers
   let serverBody = response.body.bytes
      let serverJson = try JSON(bytes: serverBody!)
        print(serverJson)

     return "Success"

答案 1 :(得分:1)

如果你只想让事情变得有效,最好使用1.5.0版本

.Package(url: "https://github.com/gtchance/FirebaseSwift.git", Version(1,5,0)),

使用传统秘密。项目设置&gt;服务帐户&gt;数据库秘密

相关问题
最新问题