我得到
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
当我试图从谷歌获得访问令牌时。我在关注https://developers.google.com/identity/protocols/OAuth2ServiceAccount.我想我生成JWT令牌的方式可能不正确?
var header = { "alg": "RS256", "typ": "JWT" };
var body = {
iss:'simplify-dev-calendar@simplify-dev-1188.iam.gserviceaccount.com',
scope: 'https://www.googleapis.com/auth/calendar',
aud: 'https://www.googleapis.com/oauth2/v4/token',
exp: Date.now() + ONE_HOUR,
iat: Date.now(),
};
var token = jsrsasign.jws.JWS.sign('RS256', header, body, googleServicePrivateKey);
return Q.Promise(function(resolve, reject) {
superagent.post('https://www.googleapis.com/oauth2/v4/token')
.set('Content-Type', 'application/x-www-form-urlencoded')
.send({
grant_type: encodeURIComponent('urn:ietf:params:oauth:grant-type:jwt-bearer'),
assertion: token
})
.end(function(err, res) {
if (err) return reject(err);
resolve(res.body);
});
});
我的googleServicePrivateKey看起来像
'-----BEGIN PRIVATE KEY-----nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCNPsOIG1HGgMhPnG...
Isit ok?用那些n?
好的,使用kjwt解决了问题,并省略了到期/发布日期。