“错误请求” JWT OAuth身份验证流程中的消息 [英] "Bad Request" message in JWT OAuth authentication flow
问题描述
我已经按照文档中的所有说明生成了JWT令牌,但是仅收到错误请求作为响应...
i've followed all the instructions at the doc for generate JWT Token, but only receive "Bad Request" as response...
当我尝试运行时eg-01-php-jwt同样发生。我正在使用DocuSign演示环境,并使用Postman和curl模拟请求
when i try to run eg-01-php-jwt the same occurs. i'm using DocuSign demo environment and simulating requests using Postman and curl
我正在执行的步骤是:
- 以 https://account-d.docusign.com/oauth/auth?response_type = code& scope = signature%20impersonation& client_id = c0c3e3b4-87ec-46e6-afad-9f8cf9dda84c&redirect_uri = http://example.com/api/docusign/obtain-consent/callback
- 为不同的docusign沙箱帐户填写登录名和密码
- 在重定向的uri上,我获得了代码参数并在jwt.io处进行解码,从而从标题中获得了孩子的价值
- 使用子项中的孩子值生成新的jwt令牌
- 用我的私钥对jwt令牌签名
- 尝试获取一种ccess令牌并收到错误请求作为响应消息
- generating authorization uri as https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=c0c3e3b4-87ec-46e6-afad-9f8cf9dda84c&redirect_uri=http://example.com/api/docusign/obtain-consent/callback
- fill login and password for different docusign sandbox account
- at the redirected uri i get the code parameter and decode at jwt.io, getting kid value from header
- use kid value at sub to generate a new jwt token
- sign jwt token with my private key
- try to obtain access token and receive "Bad Request" as response message
我(已更新)生成的令牌是
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJjMGMzZTNiNC04N2VjLTQ2ZTYtYWZhZC05ZjhjZjlkZGE4NGMiLCJzdWIiOiI2ODE4NWZmMS00ZTUxLTRjZTktYWYxYy02ODk4MTIyMDMzMTciLCJpYXQiOjE1NTExMDA0MDksImV4cCI6MTU1MjEwMDQwOSwiYXVkIjoiYWNjb3VudC1kLmRvY3VzaWduLmNvbSIsInNjb3BlIjoic2lnbmF0dXJlIGltcGVyc29uYXRpb24ifQ.I1LhY77Rd0-op6UE3zUQvA5UxXIBzHUMyhhrwSN_TBv9ghiNAOr2aVz8Glf16bulkqSrE6A67h3DvL_VDm5NpNzcDQttjlf-CtlnBrjyt2w1niZkYnlmrUXW3SofDJkNHEj9-zQOa2XBrzTOLIhD6g2V0adBe45mwwGpMpOu0oPameUseDVEBeQ50mCZcyiMGYazEA0qeE9Ws9Rb7GxZxmOIZXaWirohmJhNfic5wHprJvA6tTwxai5-4xAwnhrjpsOWKoQRxXRkCKKcIIrKf8SEz4KOH2RCUBqMZRGys81CIDtowtLoDUeMCRKTaxnbrCFax4blJSZ8X3ptyneVpw
更新@ 2019-02-26 :
实现我想要的我需要完成授权代码流程,请从第4步中获取用户帐户ID(检索用户数据),最后在有效负载处生成带有 sub 信息的jwt令牌!
to achieve what i want i needed to complete the authorization code flow, get the user account id from step 4 (retrieve user data) and finally generate the jwt token with that info as sub at payload!
推荐答案
断言以前仅包含签名范围。 JWT身份验证要求签名模拟。
That assertion previously only included the signature scope. JWT Authentication requires signature impersonation.
现在已经更新了,还有其他一些可能的问题:
Now that that has been updated, there are a couple of other possible issues:
-
无效的用户ID。 JWT断言在
sub字段中需要一个活动的用户ID。如果用户关闭或ID不正确,则
将失败。
Invalid user ID. The JWT assertion requires an active User ID in the
subfield. If the user is closed or the ID is incorrect this will fail.
无效的签名。必须使用与正在使用的 iss /客户ID关联的RSA
私钥对JWT声明进行签名。如果
中有任何无效/编码字符或结尾空格,则签名
可能无效。
Invalid signature. The JWT assertion must be signed with an RSA
private key associated with the iss / Client ID in use. If there
are any invalid/encoding characters or trailing spaces, the signature
may not be valid.
我建议在DocuSign支持下打开一个案例。在您这一边,您只会收到错误 invalid_grant 。支持端日志记录将出现更具体的错误。为了帮助解决问题,打开案件时,请提供以下内容:
I'd recommend opening a case with DocuSign Support. On your side, you'll only receive the error invalid_grant. Support-side logging will have a more specific error. To assist with resolution, when opening a case please provide the following:
- 集成商密钥
- 演示帐户ID
- JWT声明
-
x-DocuSign-TraceToken标头值
- Integrator key
- Demo account ID
- JWT Assertion
x-DocuSign-TraceTokenheader value
这篇关于“错误请求” JWT OAuth身份验证流程中的消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
