Gitkit Java客户端库-验证令牌签名时遇到问题:无效的受众 [英] Gitkit Java client library - Trouble verifying token signature: Invalid audience
问题描述
我们在令牌验证过程中遇到了问题.我们有以下例外情况:
We're struggling with an issue during the token verification. We have the following exception:
java.security.SignatureException: Invalid audience: xxx-platform. Should be: 787384428332-32charsofidxxxxxxxx.apps.googleusercontent.com
at com.google.identitytoolkit.JsonTokenHelper$AudienceChecker.check(JsonTokenHelper.java:67)
at net.oauth.jsontoken.JsonTokenParser.verify(JsonTokenParser.java:156)
at net.oauth.jsontoken.JsonTokenParser.verify(JsonTokenParser.java:103)
at net.oauth.jsontoken.JsonTokenParser.verifyAndDeserialize(JsonTokenParser.java:116)
at com.google.identitytoolkit.JsonTokenHelper.verifyAndDeserialize(JsonTokenHelper.java:46)
at com.google.identitytoolkit.GitkitClient.validateToken(GitkitClient.java:126)
at com.google.identitytoolkit.GitkitClient.validateTokenInRequest(GitkitClient.java:154)
at com.some.package.user.GitKitUserService.getGitkitUserFromRequest(GitKitUserService.groovy:25)
我们已经多次检查了gitkit-server-config.json文件,他似乎已纠正并指向有效的.p12文件.正确找到并打开了p12(因为删除它时出现FileNotFoundException或更改它时解析错误...),但由于验证程序为空,验证失败... 在这里:
We have checked many times the gitkit-server-config.json file, he seems to correct and points to a valid .p12 file. The p12 is correctly found and opened (since we have a FileNotFoundException when we remove it, or parsing error when we alter it...) but the validation fails because of a null verifier... Here it is:
{
"clientId": "707385568332-32charsofidxxxxxxxx.apps.googleusercontent.com",
"projectId": "xxx-platform",
"serviceAccountEmail": "xxx@xxx-platform.iam.gserviceaccount.com",
"serviceAccountPrivateKeyFile": "/an/existing/path/xxx-platform-44d0379d237c.p12",
"widgetUrl": "https://example.com/authentication/authenticate",
"cookieName": "gtoken"
}
我们当然可以提供可能需要的任何其他信息,我们确实会遇到这个问题!
Of course we can provide any additional information that might be required, we're really stuck with this issue!
预先感谢您提供任何线索!
Thank in advance for any clue!
推荐答案
我将分享我今天较早设置的经验,以防它对您有所帮助:
I'll just share my experience from setting up earlier today incase it can help you:
String token = cookie.getValue();
try {
GitkitClient gitkitClient = GitkitClient.newBuilder()
.setGoogleClientId("206268081687-u5mg1cl3teeeo635vrsuj8uotdi7meqq.apps.googleusercontent.com")
//.setGoogleClientId("effortless-edge-119904")
.setServiceAccountEmail("tables@effortless-edge-119904.iam.gserviceaccount.com")
.setCookieName("gtoken")
.setWidgetUrl("http://localhost:8080/gitkit")
.setKeyStream(new ClassPathResource("tables-8271416a8e0c.p12").getInputStream()).build();
GitkitUser gitkitUser = gitkitClient.validateToken(token);
给我
java.security.SignatureException: Gitkit token audience(effortless-edge-119904)
doesn't match projectId or clientId in server configuration
这有效:
try {
GitkitClient gitkitClient = GitkitClient.newBuilder()
.setGoogleClientId("effortless-edge-119904")
.setServiceAccountEmail("tables@effortless-edge-119904.iam.gserviceaccount.com")
.setCookieName("gtoken")
.setWidgetUrl("http://localhost:8080/gitkit")
.setKeyStream(new ClassPathResource("tables-8271416a8e0c.p12").getInputStream()).build();
GitkitUser gitkitUser = gitkitClient.validateToken(token);
logger.info("Validated gitkit token");
这篇关于Gitkit Java客户端库-验证令牌签名时遇到问题:无效的受众的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!