google-cloud-datastore - 谷歌数据存储令牌未授权？

Question

jwt1=`echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e`

jwt2=`echo -n '{\
"iss":"...@developer.gserviceaccount.com",\
"scope":"https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore",\
"aud":"https://accounts.google.com/o/oauth2/token",\
"exp":'$(($(date +%s)+3600))',\
"iat":'$(date +%s)'}' | openssl base64 -e`

jwt3=`echo -n "$jwt1.$jwt2" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`

jwt4=`echo -n "$jwt3" | openssl sha -sha256 -sign google.p12 | openssl base64 -e`

jwt5=`echo -n "$jwt4" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`

curl -H "Content-type: application/x-www-form-urlencoded" -X POST "https://accounts.google.com/o/oauth2/token" -d \
"grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=$jwt3.$jwt5"

我成功收到了一个令牌，但是当我使用它时，我的权限被拒绝了？

当我从https://developers.google.com/datastore/docs/apis/v1beta1/datasets/blindWrite#try-it复制 oauth2 令牌时，它可以工作吗？

curl -X GET "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$1"
curl -X GET "https://www.googleapis.com/oauth2/v2/userinfo?access_token=$1"
curl -H "Content-type: application/json" -H "Authorization:  Bearer $1" -X POST "https://www.googleapis.com/datastore/v1beta1/datasets/.../blindWrite" -d \
'{
 "mutation": {
  "upsert": [
   {
    "key": {
     "path": [
      {
       "kind": "person",
       "name": "gert"
      }
     ]
    }
   }
  ]
 }
}'

2个令牌之间的区别：

1）来自jwt（权限被拒绝）

{
 "issued_to": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg.apps.googleusercontent.com",
 "audience": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg.apps.googleusercontent.com",
 "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore",
 "expires_in": 3588,
 "email": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg@developer.gserviceaccount.com",
 "verified_email": true,
 "access_type": "offline"
}
{
 "email": "522156758812-u8hj8dhnk5br3vnpqqvuscievhbnl0gg@developer.gserviceaccount.com",
 "verified_email": true
}

2）来自https://developers.google.com/datastore/docs/apis/v1beta1/datasets/blindWrite#try-it（有效）

{
 "issued_to": "292824132082.apps.googleusercontent.com",
 "audience": "292824132082.apps.googleusercontent.com",
 "user_id": "116469479527388802962",
 "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/plus.me",
 "expires_in": 3568,
 "email": "gert.cuykens@gmail.com",
 "verified_email": true,
 "access_type": "online"
}
{
 "id": "116469479527388802962",
 "email": "gert.cuykens@gmail.com",
 "verified_email": true
}

我的 jwt 收到的令牌有什么问题？我如何使 jwt 也可以工作？

在此处输入图像描述