根据这个guide我已经使用Java示例为Google服务帐户成功创建了JWT,并且它已经运行了。然而,这些线对我来说仍然是“神奇的”:
GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();
但我无法使用Node.js重复它。邮递员说“无法得到任何回应”。
这是我的代码。
const jwt = require('jsonwebtoken');
const TOKEN_DURATION_IN_SECONDS = 3600;
const issueJWT = (
issuedAt = Math.floor(Date.now() / 1000),
serviceAccount = require('path/to/service-account.json')
) =>
jwt.sign(
{
'iss': serviceAccount.client_email,
'sub': serviceAccount.client_email,
'aud': `https://${SERVICE_NAME}/${API_NAME}`,
'iat': issuedAt,
'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
},
serviceAccount.private_key,
{
algorithm: 'RS256',
header: {
'kid': serviceAccount.private_key_id,
'typ': 'JWT',
'alg': 'RS256',
},
}
);
Onlinde decoder显示使用Node.js和Java创建的标记的相同标题和正文。
所以,我认为签名是不同的。
通过java中的jwt:
curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"instances": [
...
]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
来自node.js的jwt:
curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
* Connection #0 to host bigtableadmin.googleapis.com left intact
如何使用Node.js为Google服务帐户创建JWT?
答案 0 :(得分:0)
因此从错误消息来看,这似乎不是JWT的特定问题。此Google网上论坛post显示该问题是由于使用了错误的CURL命令所致。检查curl命令的语法并访问令牌位置以确保其有效。
答案 1 :(得分:0)
突然之间,现在无需更改任何代码即可正常工作。