我正在努力通过Apps脚本运行GCP云功能。云功能需要身份验证。但是我不断抛出“ 401错误”
在“我的Google项目”中;
到目前为止,这是我的脚本:
const CREDS = {....JSON Key I downloaded from Cloud Console}
function base64Encode(str){
let encoded = Utilities.base64EncodeWebSafe(str)
return encoded.replace(/=+$/,'')
}
function encodeJWT(){
const privateKey = `Copied the PK from the CREDs file and replaced all the escaped whitespace as a string literal`;
let header = JSON.stringify({
alg: "RS256",
typ: "JWT",
});
let encodedHeader = base64Encode(header);
const now = Math.floor(Date.now() / 1000);
let payload = JSON.stringify({
"iss": "https://accounts.google.com",
"azp": "OAUTH CLIENT ID I CREATED ON GCP",
"aud": "OAUTH CLIENT ID I CREATED ON GCP",
"sub": CREDS.client_id,
"email": CREDS.client_email,
"email_verified": true,
// "at_hash": "TMTv8_OtKA539BBRxLoTBw", //Saw this in a reverse engineered Token but didnt know what to put
"iat": now.toString(),
"exp": (now + 3600).toString()
})
let encodedPayload = base64Encode(payload);
let toSign = [encodedHeader, encodedPayload].join('.')
let signature = Utilities.computeRsaSha256Signature(toSign, privateKey)
let encodedSignature = base64Encode(signature);
let jwt = [toSign, encodedSignature].join('.')
return jwt;
}
function testFireStore() {
let funcUrl = "https://[MY PROJECT].cloudfunctions.net/MyFunc"
const token = encodeJWT()
let options = {
headers:{
"Authorization": "Bearer " + token
}
}
let func = UrlFetchApp.fetch(funcUrl,options)
Logger.log(func.getContentText())
}
实际的Cloud func暂时仅提供一个“ Hello World”,并且可以在控制台中正常测试
仅供参考,我已经完成了一些步骤
答案 0 :(得分:0)
This Solution解决了该问题。
在GCP方面,我进入并启用了计算引擎和App Engine,然后使用了该解决方案,它就起作用了。
唯一奇怪的是, target_audience 在那里请求,我必须做一些逆向工程才能获得它。我必须从命令行工具中获取身份令牌,然后使用jwt.io对其进行解码,并获得AUD密钥...
但除此之外,每个人的工作都像魅力一样