我需要将使用IdentityServer3实现的身份验证服务器与JWT的Firebase服务集成,如下所述:
这里谷歌说:
将新服务帐户的公钥/私钥对JSON文件复制到您的帐户 身份验证服务器并使用它对令牌进行签名。
示例(不完全)JSON文件:
Intent intent = new Intent("com.google.android.wearable.action.STOPWATCH" );
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK );
startActivity(intent);
在我的IdentityServer中,我有一个生成JWT令牌的资源所有者客户端,但是我通过.pfx文件对IdToken和AccessToken进行了签名,我将其加载如下:
{
"type": "service_account",
"project_id": "xxx-c4004",
"private_key_id": ".....",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIE.....\n-----END PRIVATE KEY-----\n",
"client_email": ".....",
"client_id": "....",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-.....com"
}
然后我将它分配给IdentityServer OWIN配置中的SigningCertificate属性。
我不知道如何使用JSON文件签署令牌,Google也没有对此进行过多描述。
我创建了另一个方法来解析私钥并将其作为字节发送到X509Certificate2构造函数但它没有工作:
/// <summary>
/// Load the certificate that sign the Id or Jw token
/// </summary>
/// <returns></returns>
private static X509Certificate2 LoadCertificate()
{
string baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
return new X509Certificate2(
Path.Combine(AppDomain.CurrentDomain.BaseDirectory, ConfigMngr.GetAppSettingsValue<string>("IdSrv:SigningCertificatePath")), ConfigMngr.GetAppSettingsValue<string>("IdSrv:SigningCertificatePassword"));
}
它引发了一个例外:
{&#34;找不到请求的对象。\ r \ n&#34;}
使用StackTrace:
在 System.Security.Cryptography.CryptographicException.ThrowCryptographicException(的Int32 hr)at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType(字节[] rawData)at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(字节[] rawData,Object password,X509KeyStorageFlags keyStorageFlags)at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(字节[] rawData)at ...(我的代码)
那么请帮忙吗?