【发布时间】:2020-03-14 09:24:25
【问题描述】:
我正在使用来自 Google Cloud Platform 的服务帐户进行服务器到服务器身份验证。根据Google's documentation,请求令牌 (JWT) 必须基于 RSA SHA-256 算法,因此使用 RSA 证书私钥签名并使用其各自的公钥解码。
如何让 google api 知道公钥?
我知道 Google 有自己的 RSA certificates,但我不知道如何准确使用它们。
那么,我应该使用什么 RSA 私钥/公钥来进行 google 的 oauth2 令牌编码?
以下是代码摘录:
import jwt from 'jsonwebtoken'
const axios = require('axios')
const fs = require('fs')
const {
google
} = require('googleapis')
// oauth2 token uri
const GSUITE_AUD = 'https://oauth2.googleapis.com/token'
const payload = {
iss: 'example@example.iam.gserviceaccount.com',
scope: 'https://www.googleapis.com/auth/admin.directory.user',
aud: GSUITE_AUD,
}
const options = {
algorithm: 'RS256',
expiresIn: '10m'
}
const fetchGSuiteUsersUtil = () => {
let path = require('path'),
privateKeyFilePath = path.join(__dirname, 'private.key')
const privateKey = fs.readFileSync(privateKeyFilePath, 'utf-8')
const request_token = jwt.sign(payload, privateKey, options)
authorize(request_token, listUsers)
function authorize(request_token, callback) {
const TOKEN_URI = GSUITE_AUD
const data = {
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion: request_token
}
axios.post(TOKEN_URI, data)
.then((res) => {
console.log(`statusCode: ${res.statusCode}`)
console.log(res)
// callback(res)
})
.catch((error) => {
/**
* Here i get the error 'Invalid JWT signature' and sounds logic
* since it doesn't know the public key for the RSA certificated
* private key that i used
*
*/
console.error(error)
})
}
function listUsers(auth) {
const service = google.admin({
version: 'directory_v1',
auth,
})
service.users.list({
customer: 'my_customer',
orderBy: 'email',
maxResults: 500,
query: 'orgUnitPath=/'
},
async(err, res) => {
// Do things once i get the token..
})
}
}
export default fetchGSuiteUsersUtil
【问题讨论】:
标签: node.js google-cloud-platform oauth-2.0 google-workspace google-cloud-iam