无效签名 - Google JWT API [英] Invalid Signature - Google JWT API
本文介绍了无效签名 - Google JWT API的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试图签署Google 0Auth2的请求(在PHP中)
这是我的代码:
I'm trying to sign a request for Google 0Auth2 (in PHP) Here's my code:
$jwtHeader = $this->base64url_encode(json_encode(array(
"alg" => "RS256",
"typ" => "JWT"
)));
$now = time();
$jwtClaim = $this->base64url_encode(json_encode(array(
"iss" => "xxxxxxxxxxxxxxx.xxx.gserviceaccount.com",
"scope" => "https://www.googleapis.com/auth/prediction",
"aud" => "https://www.googleapis.com/oauth2/v4/token",
"iat" => $now,
"exp" => $now + 3600,
)));
$sign = hash_hmac('SHA256', $jwtHeader.".".$jwtClaim, $secret);
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$sign;
$client = new \GuzzleHttp\Client();
$res = $client->post('https://www.googleapis.com/oauth2/v4/token', ['headers' => ['Content-Type: application/x-www-form-urlencoded'], 'form_params' => ['grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $jwtAssertion]]);
if ($res->getStatusCode() == 200) {
return $res->getBody()->getContents();
}
//BASE64 METHOD
public function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
我得到的回应是
The response I get is
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
现在已经持续了几个小时,仍然出现同样的错误。任何人都会遇到这个?
我会很感激任何建议。
Been on this for some hours now, still getting same error. Anyone come across this? I would appreciate any suggestion.
推荐答案
好吧,为了那些可能遇到同样问题的人。这是我解决它的方法:
Okay for the sake of those that might encounter the same issue. This how I solved it:
$jwtHeader = $this->base64url_encode(json_encode(array(
"alg" => "RS256",
"typ" => "JWT"
)));
$now = time();
$jwtClaim = $this->base64url_encode(json_encode(array(
"iss" => "xxxxxxxxxxxxxxxxxx.xxx.gserviceaccount.com",
"scope" => "https://www.googleapis.com/auth/prediction",
"aud" => "https://www.googleapis.com/oauth2/v4/token",
"iat" => $now,
"exp" => $now + 3600,
)));
$secret = "-----BEGIN PRIVATE KEY-----\nxxxxxxxxxxxxxxxxxx\n-----END PRIVATE KEY-----\n";
$binary_signature = "";
$algo = "SHA256";
openssl_sign($jwtHeader.".".$jwtClaim, $binary_signature, $secret, $algo);
$jwtSign = $this->base64url_encode($binary_signature);
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSign;
$client = new \GuzzleHttp\Client();
$res = $client->post('https://www.googleapis.com/oauth2/v4/token', ['headers' => ['Content-Type: application/x-www-form-urlencoded; charset=utf-8'], 'form_params' => ['grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $jwtAssertion]]);
if ($res->getStatusCode() == 200) {
return $res->getBody()->getContents();
}
public function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
这可以按预期工作。
这篇关于无效签名 - Google JWT API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文