【Question title】: How to create JWT for Google service account using Node.js?
【Posted】: 2018-10-24 06:08:00
【Question description】:

According to this guide, I have successfully created a JWT for a Google service account using the Java example, and it works. However, these lines are still "magic" to me:

GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);
PrivateKey privateKey = credential.getServiceAccountPrivateKey();

But I cannot reproduce it using Node.js. Postman says "Could not get any response".

Here is my code.

const jwt = require('jsonwebtoken');

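// Token lifetime: one hour.
const TOKEN_DURATION_IN_SECONDS = 3600;

// Signs a JWT with the service account's private key (RS256).
// SERVICE_NAME and API_NAME are not defined in this snippet; they must be
// defined elsewhere in the module before issueJWT is called.
const issueJWT = (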
  issuedAt = Math.floor(Date.now() / 1000),
  serviceAccount = require('path/to/service-account.json')
) =>
  jwt.sign(
    {
      'iss': serviceAccount.client_email,
      'sub': serviceAccount.client_email,
      'aud': `https://${SERVICE_NAME}/${API_NAME}`,
      'iat': issuedAt,
      'exp': issuedAt + TOKEN_DURATION_IN_SECONDS,
    },
    serviceAccount.private_key,
    {
      algorithm: 'RS256',
      header: {
        'kid': serviceAccount.private_key_id,
        'typ': 'JWT',
        'alg': 'RS256',
      },
    }
  );

An online decoder shows the same header and body for the tokens created with Node.js and Java.

So, I assume the signature is different.

With the JWT from Java:

curl --header "Authorization: Bearer {jwt-from-java}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Vary: X-Origin
< Vary: Referer
< Date: Sat, 21 Jul 2018 00:11:31 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "instances": [
    ...
  ]
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

With the JWT from Node.js:

curl --header "Authorization: Bearer {jwt-from-node}" https://bigtableadmin.googleapis.com/v2/projects/{project-name}/instances -v
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 836
* schannel: encrypted data buffer: offset 836 length 103424
* schannel: decrypted data length: 773
* schannel: decrypted data added: 773
* schannel: decrypted data cached: offset 773 length 102400
* schannel: encrypted data length: 34
* schannel: encrypted data cached: offset 34 length 103424
* schannel: decrypted data length: 5
* schannel: decrypted data added: 5
* schannel: decrypted data cached: offset 778 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 778 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 778
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Vary: X-Origin
< Vary: Referer
< Content-Type: application/json; charset=UTF-8
< Date: Sat, 21 Jul 2018 00:08:58 GMT
< Server: ESF
< Cache-Control: private
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
  "error": {
    "code": 401,
    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See     https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}
* Connection #0 to host bigtableadmin.googleapis.com left intact

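How to create JWT for Google service account using Node.js?

【Question comments】:

  • Could you provide the full details of the error (perhaps a screenshot of the error)? "Could not get any response" is very generic.
  • @oakinlaja Added curl output

Tags: node.js google-cloud-platform jwt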
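
An added example (not part of the original question or its answers) for testing the "signature is different" assumption offline: it builds the same RS256 token with Node's built-in `crypto` module and verifies it against the public half of the signing key. The key pair, `demoAccount`, and the function names `signJwt` and `checkJwt` are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const decode = (segment) => JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));

// Build an RS256 JWT by hand so the exact signed bytes are visible.
function signJwt(serviceAccount, audience, issuedAt, lifetime = 3600) {
  const header = { alg: 'RS256', typ: 'JWT', kid: serviceAccount.private_key_id };
  const payload = {
    iss: serviceAccount.client_email,
    sub: serviceAccount.client_email,
    aud: audience,
    iat: issuedAt,
    exp: issuedAt + lifetime,
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), serviceAccount.private_key);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Verify a token locally with the public key derived from the private key,
// then check the claims a server would also reject on.
function checkJwt(token, serviceAccount, expectedAudience, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  if (decode(h).alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const publicKey = crypto.createPublicKey(serviceAccount.private_key);
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  const claims = decode(p);
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'audience mismatch' };
  if (claims.iat > now || claims.exp <= now) return { ok: false, reason: 'outside validity window' };
  return { ok: true, claims };
}

// Constructed throwaway key pair standing in for service-account.json.
const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoAccount = {
  client_email: 'demo@example-project.iam.gserviceaccount.com', // constructed
  private_key_id: 'constructed-key-id',
  private_key: privateKey.export({ type: 'pkcs8', format: 'pem' }),
};
```

RS256 (RSASSA-PKCS1-v1_5) is deterministic, so two tokens with byte-identical header and payload signed by the same key carry identical signatures; a token that passes `checkJwt` with the real service account file was signed correctly.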


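【Solution 1】:

So, from the error message, it seems this is not a JWT-specific issue. This Google Groups post suggests that the problem is due to using an incorrect cURL command. Check the curl command syntax and the access token placement to make sure they are valid.

【Discussion】:

【Solution 2】:

Suddenly, it works without any code changes.

【Discussion】: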
