我正在编写一些代码,以尝试从OAuth2中的Google获取 token 。这是针对服务帐户的,因此说明如下:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
当我将JWT发布到Google时,我一直收到此错误:
{“error”:“invalid_grant”,“error_description”:“无效的JWT签名。” }
这是代码:
try{
var nowInSeconds : Number = (Date.now() / 1000);
nowInSeconds = Math.round(nowInSeconds);
var fiftyNineMinutesFromNowInSeconds : Number = nowInSeconds + (59 * 60);
var claimSet : Object = {};
claimSet.iss = "{{RemovedForPrivacy}}";
claimSet.scope = "https://www.googleapis.com/auth/plus.business.manage";
claimSet.aud = "https://www.googleapis.com/oauth2/v4/token";
claimSet.iat = nowInSeconds;
claimSet.exp = fiftyNineMinutesFromNowInSeconds;
var header : Object = {};
header.alg = "RS256";
header.typ = "JWT";
/* Stringify These */
var claimSetString = JSON.stringify(claimSet);
var headerString = JSON.stringify(header);
/* Base64 Encode These */
var claimSetBaseSixtyFour = StringUtils.encodeBase64(claimSetString);
var headerBaseSixtyFour = StringUtils.encodeBase64(headerString);
var privateKey = "{{RemovedForPrivacy}}";
/* Create the signature */
var signature : Signature = Signature();
signature = signature.sign(headerBaseSixtyFour + "." + claimSetBaseSixtyFour, privateKey , "SHA256withRSA");
/* Concatenate the whole JWT */
var JWT = headerBaseSixtyFour + "." + claimSetBaseSixtyFour + "." + signature;
/* Set Grant Type */
var grantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
/* Create and encode the body of the token post request */
var assertions : String = "grant_type=" + dw.crypto.Encoding.toURI(grantType) + "&assertion=" + dw.crypto.Encoding.toURI(JWT);
/* Connect to Google And Ask for Token */
/* TODO Upload Certs? */
var httpClient : HTTPClient = new HTTPClient();
httpClient.setRequestHeader("content-type", "application/x-www-form-urlencoded; charset=utf-8");
httpClient.timeout = 30000;
httpClient.open('POST', "https://www.googleapis.com/oauth2/v4/token");
httpClient.send(assertions);
if (httpClient.statusCode == 200) {
//nothing
} else {
pdict.errorMessage = httpClient.errorText;
}
}
catch(e){
Logger.error("The error with the OAuth Token Generator is --> " + e);
}
有谁知道为什么JWT失败了?
非常感谢!
布拉德
最佳答案
该问题可能与您的StringUtils.encodeBase64()
方法可能执行标准base64编码这一事实有关。
但是,根据JWT spec,不是需要使用标准的base64编码,而是使用the URL- and filename-safe Base64 encoding,其中省略了=
填充字符。
如果您没有方便的base64URL编码实用程序方法,则可以通过以下方式进行验证:
+
替换为-
; /
替换为_
; =
在您的base64编码的字符串中。
另外,您的签名是否也以base64编码?必须遵循与上述相同的规则。
关于oauth-2.0 - Google OAuth2中的签名中的JWT "invalid_grant",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37447036/