如何在php中使用Google RISC API注册端点

我一直在阅读并尝试实现"使用跨帐户保护保护用户帐户"文档中的指示

到目前为止，我所做的如下：

JWT::$leeway = 60;
$key = file_get_contents('location.json');
$time = time();
$payload = [
"iss" => "account email",
"sub" => "account email",
"aud" => "https://risc.googleapis.com/google.identity.risc.v1beta.RiscManagementService",
"iat" => $time,
"exp" => $time + 3600,
];
/**
* IMPORTANT:
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
*/
$jwt = JWT::encode($payload, $key);
$decoded = JWT::decode($jwt, $key, ['HS256']);
print_r($jwt);
print_r($decoded);
$client = new Client();
try {
$request = $client->post('https://risc.googleapis.com/v1beta/stream:update', [
'headers' => [
'Authorization' => 'Bearer ' . $jwt,
'Accept' => 'application/json',
],
'form_params' => [
'delivery' => [
'delivery_method' => 'https://schemas.openid.net/secevent/risc/delivery-method/push',
'url' => 'https://test.myapp.com/webhooks/google',
],
'events_requested' => [
'https://schemas.openid.net/secevent/oauth/event-type/tokens-revoked',
],
],
]);
$response = $request->getBody();
dd($response);
} catch (ClientException $exception) {
dd($exception->getResponse()->getBody()->getContents());
}

我面临的问题：

• 从我在文档中读到的内容来看，我不太了解如何使用JWT，我在实现中做错了什么
• 这些例子是用JAVA编写的，但我需要用php编写，我试着阅读了JAVA代码，但不明白其中的一些内容
• 根据我所读的内容，我想我将无法在本地环境中测试这些事件？这就是为什么这些事件要在本地触发？或者像超级钩子这样的服务会允许这样做吗？否则，我将不得不直接在服务器上测试端点

我从上面的代码中得到的错误是Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

尝试下面建议的编码RS256会给我错误UnexpectedValueException: Algorithm not allowed。我相信我确实缺乏关于JWT的必要知识，并且在那里做错了什么。