尝试使用 JWT 以及 Java Auth 客户端 API 调用来获取访问令牌,但没有成功。
使用下面的 Java 客户端 API 代码,我得到异常“java.net.SocketTimeoutException:连接超时”。
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("@developer.gserviceaccount.com")
.setServiceAccountPrivateKeyFromP12File(new File("<publickey>-privatekey.p12"))
.setServiceAccountScopes("https://www.googleapis.com/auth/devstorage.full_control")
.build();
credential.refreshToken();
System.out.println("access token : " + credential.getAccessToken());
System.out.println("refresh token : " + credential.getRefreshToken());
如果我们删除对“credential.refreshtoken()”的调用,它会返回空访问密钥和刷新密钥。有人可以指导我并告诉我哪里出错了吗?
同样使用下面列出的直接 JWT 令牌进行身份验证,我得到响应 "{"error" : "invalid_grant"}" 错误代码 400 :
private static PrivateKey getPrivateKey(String keyFile, String alias, String password)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException
{
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(keyFile), password.toCharArray());
PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
return privateKey;
}
public static String sign(PrivateKey privateKey, JsonFactory jsonFactory,
String header, String payload) throws Exception {
System.out.println("header : " + header + " : " + Base64.encodeBase64URLSafeString(header.getBytes()));
System.out.println("payload : " + payload + " : " + Base64.encodeBase64URLSafeString(payload.getBytes()));
String content = Base64.encodeBase64URLSafeString(header.getBytes()) + "."
+ Base64.encodeBase64URLSafeString(payload.getBytes());
byte[] contentBytes = StringUtils.getBytesUtf8(content);
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initSign(privateKey);
signer.update(contentBytes);
byte[] signature = signer.sign();
String signedContent = content + "." + Base64.encodeBase64URLSafeString(signature);
System.out.println("signedContent:" + signedContent);
return signedContent;
}
public static void main(String args[]) {
HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
JsonFactory JSON_FACTORY = new JacksonFactory();
String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"} ";
String payload = "{\"iss\":\"*******@developer.gserviceaccount.com\",\"scope\":\"https://www.googleapis.com/auth/devstorage.full_control\",\"aud\":\"https://accounts.google.com/o/oauth2/token\",\"exp\": " + new Date().getTime() + ",\"iat\":" + (new Date().getTime() + 3600000) + "}";
PrivateKey serviceAccountPrivateKey = getPrivateKey("<public_key>-privatekey.p12", "privatekey", "notasecret");
String assertion = sign(serviceAccountPrivateKey, JSON_FACTORY, header, payload);
}
稍后将此断言传递给 API“ https://accounts.google.com/o/oauth2/token ”,并使用此生成的断言和授权类型 "urn:ietf:params:oauth:grant-type:jwt-bearer" ,给出响应"{"error" : "invalid_grant"}" 错误代码为 400。
有人可以帮助我并建议我哪里出错了吗?