谷歌的OAuth 2.0(JWT令牌请求)的服务应用程序 [英] Google oAuth 2.0 (JWT token request) for Service Application
问题描述
我想实现谷歌的OAuth 2此处描述服务帐户: https://developers.google.com/账户/文档/ OAuth2ServiceAccount 上UnityScript(或C# - 这并不重要,因为它们都使用相同的单声道.NET类)。
我已经在这里发现了类似的话题:有没有在C#中一个JSON网络令牌(JWT)的例子
织物令牌 - 智威汤逊 - 例如,在C,但我还是没有成功。
所有的拳,我已经生成标题和claimset(这就像谷歌文档)
<预类=郎-JS prettyprint-覆盖>
VAR头:串= GetJWTHeader();
VAR claimset:字符串= GetJWTClaimSet();
$:
结果(为了清楚起见,新行分隔) b $ b
{ALG:RS256,典型:智威汤逊}
{ISS: 425466719070-1dg2rebp0a8fn9l02k9ntr6u5o4a8lp2.apps.googleusercontent.com
范围:的 https://www.googleapis.com/auth/prediction
AUD:的https://accounts.google.com/o/oauth2/token
EXP:1340222315,
IAT:1340218715}
块引用>
基地-64编码方式:
<预类=郎-JS prettyprint-覆盖>公共静态功能Base64Encode(b:字节[]):字符串{
变种小号:字符串= Convert.ToBase64String(b);
S = s.Replace(+, - );
S = s.Replace(/,_);
S = s.Split(=[0])[0]; //删除任何尾随S'='
返回小号;
}
公共静态功能Base64Encode(S:字符串):字符串{
返回Base64Encode(Encoding.UTF8.GetBytes(S));
}
然后我做的签名。
<预类=郎-JS prettyprint-覆盖>VAR to_sign:字节[] =
Encoding.UTF8.GetBytes(Base64Encode(头)+ + Base64Encode (claimset));
变种证书:X509Certificate2 =
新X509Certificate2(google_pvt_key.ToArray(),notasecret);
VAR RSA:=的RSACryptoServiceProvider cert.PrivateKey;
VAR SGN:字符串= Base64Encode(rsa.SignData(to_signSHA256));
VAR智威汤逊:字符串= Base64Encode(头)+。 + Base64Encode(claimset)+
。 + SGN;
和则形成请求:
<预类=郎JS prettyprint-覆盖>VAR URL:字符串=https://accounts.google.com/o/oauth2/token;
变种形式:WWWForm =新WWWForm();
form.AddField(grant_type,声明);
form.AddField(assertion_type,http://oauth.net/grant_type/jwt/1.0/bearer);
form.AddField(断言,JWT);
VAR标题:哈希表= form.headers;
标题[的Content-Type] =应用/的X WWW的形式,进行了urlencoded
VAR万维网:WWW =新的WWW(URL,form.data头);
和我得到的是错误400:坏请求
的编码数据看起来像(加为清楚起见换行):
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
eyJpc3MiOiI0MjU0NjY3MTkwNzAtMWRnMnJlYnAwYThmbjlsMDJrOW50cjZ1NW80YThscDIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MDIyMjMxNSwiaWF0IjoxMzQwMjE4NzE1fQ。
lIFg7-Og_BcC5qpICLt7USwGIHUOz-vV4ADNq0AWhuRtsvFrbZn5mxk4n9r5qU66q4reTVVAtuW06DeGsdcBMNgEdIMvN6VuYQybs64p9mqrfECBYxO1FWHbUG-2On1IpowybEsRRUjZfp0jFuEY7SLE3XRaXan0k5zmejcvLQo
我花了两天时间试图弄清楚什么是错的,但我无法看到的。
此外,我找不到任何合适的文档和示例。
我想只是为了免费获赠令牌。
- 我报名正道字节?
- 什么应该claimset范围参数是什么样子?我已经试过 https://www.googleapis.com/auth/devstorage.readonly 和< A HREF =https://www.googleapis.com/auth/prediction> https://www.googleapis.com/auth/prediction 。
- 什么国际空间站参数应等于?客户端ID或邮件地址? (都试过)
- 什么是找出我的错误的方式?
- 是否有服务应用程序的任何C#库(不适用于安装的应用程序或客户端登录)
我越来越疯狂......它的工作,但它不...? - /
解决方案解决的办法是,在申请代码的所有斜线都必须反斜杠
错误的:
范围:https://www.googleapis.com/auth/prediction
AUD:https://accounts.google.com/o/oauth2/token,
正确的:
范围:HTTPS:\\ / \\ / WWW。 googleapis.com\\ / auth\\ /预测,
AUD:HTTPS:\\ / \\ / accounts.google.com\\ / o\\ \\\ / oauth2\\ /令牌,
I'm trying to implement Google oAuth 2 for service accounts described here: https://developers.google.com/accounts/docs/OAuth2ServiceAccount on UnityScript (or C# - that doesn't matter because they both use the same Mono .NET classes).
I've found similar topic here: Is there a JSON Web Token (JWT) example in C#? web-token-jwt-example-in-c but I still don't have a success.
Fist of all, I have generated header and claimset (that are just like in google documentation)
var header: String = GetJWTHeader(); var claimset: String = GetJWTClaimSet();
The result is (separated with new lines for clarity):
{"alg":"RS256","typ":"JWT"}
{"iss":"425466719070-1dg2rebp0a8fn9l02k9ntr6u5o4a8lp2.apps.googleusercontent.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://accounts.google.com/o/oauth2/token",
"exp":1340222315,
"iat":1340218715}
Base-64 encoding methods:
public static function Base64Encode(b: byte[]): String { var s: String = Convert.ToBase64String(b); s = s.Replace("+", "-"); s = s.Replace("/", "_"); s = s.Split("="[0])[0]; // Remove any trailing '='s return s; } public static function Base64Encode(s: String): String { return Base64Encode(Encoding.UTF8.GetBytes(s)); }
Then I'm making a signature.
var to_sign: byte[] = Encoding.UTF8.GetBytes(Base64Encode(header) + "." + Base64Encode(claimset)); var cert: X509Certificate2 = new X509Certificate2(google_pvt_key.ToArray(), "notasecret"); var rsa: RSACryptoServiceProvider = cert.PrivateKey; var sgn: String = Base64Encode(rsa.SignData(to_sign, "SHA256")); var jwt: String = Base64Encode(header) + "." + Base64Encode(claimset) + "." + sgn;
And then forming the request:
var url: String = "https://accounts.google.com/o/oauth2/token"; var form: WWWForm = new WWWForm(); form.AddField("grant_type", "assertion"); form.AddField("assertion_type", "http://oauth.net/grant_type/jwt/1.0/bearer"); form.AddField("assertion", jwt); var headers: Hashtable = form.headers; headers["Content-Type"] = "application/x-www-form-urlencoded"; var www: WWW = new WWW(url, form.data, headers);
And all I get is "Error 400: Bad request".
The encoded data looks like (line breaks added for clarity):
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.
eyJpc3MiOiI0MjU0NjY3MTkwNzAtMWRnMnJlYnAwYThmbjlsMDJrOW50cjZ1NW80YThscDIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MDIyMjMxNSwiaWF0IjoxMzQwMjE4NzE1fQ.
lIFg7-Og_BcC5qpICLt7USwGIHUOz-vV4ADNq0AWhuRtsvFrbZn5mxk4n9r5qU66q4reTVVAtuW06DeGsdcBMNgEdIMvN6VuYQybs64p9mqrfECBYxO1FWHbUG-2On1IpowybEsRRUjZfp0jFuEY7SLE3XRaXan0k5zmejcvLQo
I've spent two days trying to figure out what is wrong but I can't see.
Also, I couldn't find any suitable documentation and examples.
I'm trying just to recieve a token.
- Am I signing the bytes the right way?
- What should "scope" parameter in claimset look like? I've tried "https://www.googleapis.com/auth/devstorage.readonly" and "https://www.googleapis.com/auth/prediction".
- What "iss" parameter should be equal to? Client-id or e-mail address? (tried both)
- What are the ways to find out my mistake?
- Are there any C# libraries for Service Application (not for installed apps or client login)?
I'm getting crazy... It has to work, but it doesn't... :-/
解决方案The solution was that in request code all slashes have to be backslashed
WRONG:
"scope":"https://www.googleapis.com/auth/prediction", "aud":"https://accounts.google.com/o/oauth2/token",
CORRECT:
"scope":"https:\\/\\/www.googleapis.com\\/auth\\/prediction", "aud":"https:\\/\\/accounts.google.com\\/o\\/oauth2\\/token",
这篇关于谷歌的OAuth 2.0(JWT令牌请求)的服务应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!