尝试连接到Google API的Google Oauth时无效的JWT [英] Invalid JWT when trying to connect to Google Oauth for google API

问题描述

我试图通过JWT通过OAuth连接到Google API，但是我一直收到此错误:

I was trying to connect to Google API through OAuth through JWT, but I keep getting this error:

{"error":"invalid_grant"，"error_description":无效的JWT:令牌必须是短期令牌并且在合理的时间范围内"}

{ "error": "invalid_grant", "error_description": "Invalid JWT: Token must be a short-lived token and in a reasonable timeframe" }

在我的JWT calim中，我将iat设置为当前时间减去1970-01-01(以秒为单位)，并将exp设置为iat + 3600，所以我不知道为什么我仍然遇到此错误.如果有人知道答案，请告诉meeeeee！

In my JWT calim I set the iat to be current time minus 1970-01-01 in seconds and exp to iat + 3600, so I do not know why I am still getting this error. If anyone knows the answer please tell meeeeee!

推荐答案

不确定您是否可以使用它，但是以下简单步骤对我来说使用PHP函数

Not sure if you ever got it to work, but the following simple steps worked for me using the PHP function openssl_sign():

//helper function
function base64url_encode($data) { 
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
}

//Google's Documentation of Creating a JWT: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

//{Base64url encoded JSON header}
$jwtHeader = base64url_encode(json_encode(array(
    "alg" => "RS256",
    "typ" => "JWT"
)));
//{Base64url encoded JSON claim set}
$now = time();
$jwtClaim = base64url_encode(json_encode(array(
    "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
    "scope" => "https://www.googleapis.com/auth/prediction",
    "aud" => "https://www.googleapis.com/oauth2/v4/token",
    "exp" => $now + 3600,
    "iat" => $now
)));
//The base string for the signature: {Base64url encoded JSON header}.{Base64url encoded JSON claim set}
openssl_sign(
    $jwtHeader.".".$jwtClaim,
    $jwtSig,
    $your_private_key_from_google_api_console,
    "sha256WithRSAEncryption"
);
$jwtSign = base64url_encode($jwtSig);

//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature}
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSig;

这篇关于尝试连接到Google API的Google Oauth时无效的JWT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！