我有一个在公司代理后面工作的 NodeJS API,我一直在尝试使用 Google 的 NodeJS 客户端进行身份验证:
const google = require('googleapis');
function getServiceAccountInfo() {
return {
type: 'service_account',
project_id: 'XXXXX',
private_key_id: 'XXXXXX',
private_key: 'XXXX',
client_email: 'XXXX',
client_id: 'XXXX',
auth_uri: 'XXXX',
token_uri: 'XXXX',
auth_provider_x509_cert_url: 'XXXX',
client_x509_cert_url: 'XXXXX'
};
}
const SCOPES = 'https://www.googleapis.com/auth/firebase.messaging';
let proxy2 = {
host: 'proxy.hkcsl.net',
port: 8080
};
const proxy3 = {
proxy: 'http://172.25.2.6:8080'
}
const proxy4 = {
proxy: {
host: '172.25.2.6',
port: 8080,
auth: {
username: '',
password: '',
},
}
}
process.env.HTTPS_PROXY = 'https://172.25.2.6:8080';
process.env.https_proxy = 'https://172.25.2.6:8080';
process.env.HTTP_PROXY = 'http://172.25.2.6:8080';
process.env.http_proxy = 'http://172.25.2.6:8080';
google.options({
proxy: proxy4.proxy
});
const key = getServiceAccountInfo();
const jwtClient = new google.auth.JWT(
key.client_email,
undefined, // null,
key.private_key,
SCOPES,
undefined, // null
);
jwtClient.authorize(function(err, tokens) {
if (err) {
console.error(err);
return;
}
console.log(tokens.access_token);
});
但是,无论我如何配置代理选项,我仍然会收到超时错误或类似的错误
ERROR Error: write EPROTO 101057795:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:827:
有些人设法通过将端口更改为 443 来修复它,但它不适用于我的情况,因为该端口在服务器内部对我不可用。我已经引用了此处提出的讨论和解决方案:
StackOverflow: node-request - Getting error “SSL23_GET_SERVER_HELLO:unknown protocol”
googleapis: There is no facility for passing a proxy to the oauth2client
Axios: Request to HTTPS with HTTP proxy fails
Using jwtClient.authenticate() behind a proxy results in ETIMEDOUT error
似乎 Vue 也遇到了类似的 problem昨天,他们从使用 axios 改为使用 request。 googleapis 是否也有类似的解决方法?
最佳答案
引用有关 proxy issues 的解决方法后使用 google-api-nodejs-client(即 googleapis)正在使用的 axios,并抓取 google-auth-library-nodejs< 的源代码 ( jwtclient.ts ) 和 node-gtoken ( index.ts ),作为临时解决方法,我编写了以下方法手动从 Google 请求 token :
const axios = require('axios-https-proxy-fix');
const querystring = require('querystring');
const jws = require('jws');
const GOOGLE_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token';
const GOOGLE_REVOKE_TOKEN_URL =
'https://accounts.google.com/o/oauth2/revoke?token=';
const SCOPES = 'https://www.googleapis.com/auth/firebase.messaging';
const PROXY = {
host: '172.25.2.6',
port: 8080,
auth: {
username: '',
password: '',
}
};
function getServiceAccountInfo() {
return {
type: 'service_account',
project_id: 'XXXX',
private_key_id: 'XXXX',
private_key: 'XXXX',
client_email: 'XXXX',
client_id: 'XXXX',
auth_uri: 'https://accounts.google.com/o/oauth2/auth',
token_uri: 'https://accounts.google.com/o/oauth2/token',
auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs',
client_x509_cert_url: 'XXXX'
};
}
function requestToken(client_email, private_key) {
const iat = Math.floor(new Date().getTime() / 1000);
const additionalClaims = {};
const payload = Object.assign(
{
iss: client_email,
scope: SCOPES,
aud: GOOGLE_TOKEN_URL,
exp: iat + 3600,
iat,
sub: undefined
},
additionalClaims);
const signedJWT =
jws.sign({header: {alg: 'RS256'}, payload, secret: private_key});
return axios({
method: 'post',
url: GOOGLE_TOKEN_URL,
data: querystring.stringify({
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion: signedJWT
}),
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
proxy: PROXY
})
.then(r => {
const body = r.data;
console.log(body);
return body.access_token;
})
.catch(e => {
const body = (e.response && e.response.data) ? e.response.data : {};
let err = e;
if (body.error) {
const desc =
body.error_description ? `: ${body.error_description}` : '';
err = new Error(`${body.error}${desc}`);
}
throw err;
});
}
const key = getServiceAccountInfo();
requestToken(key.client_email, key.private_key);
引用:GitHub
关于node.js - 无法使用代理对 googleapis 进行 JWT 身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48766209/