语境
我正在关注谷歌关于启用实时开发者通知的 RTDNs指南。我已成功创建主题和订阅,并已收到发送到我创建的 API 的推送通知。我现在想对这些消息进行身份验证和验证。为此,我正在关注Authentication and Authorization 的本指南。他们的开发者文档在这里和这里都有一个看似有用的例子。
问题
遵循上述资源后,我收到以下错误:
Error: No pem found for envelope: {"typ":"JWT","alg":"HS256"}
相关代码
const authClient = new OAuth2Client();
// ...
app.post('/pubsub/authenticated-push', jsonBodyParser, async (req, res) => {
// Verify that the push request originates from Cloud Pub/Sub.
try {
// Get the Cloud Pub/Sub-generated JWT in the "Authorization" header.
const bearer = req.header('Authorization');
const [, token] = bearer.match(/Bearer (.*)/);
// Verify and decode the JWT.
// Note: For high volume push requests, it would save some network
// overhead if you verify the tokens offline by decoding them using
// Google's Public Cert; caching already seen tokens works best when
// a large volume of messages have prompted a single push server to
// handle them, in which case they would all share the same token for
// a limited time window.
// verifyIdToken is failing here with the `No pem found for envelope` error
const ticket = await authClient.verifyIdToken({
idToken: token,
audience: 'example.com',
});
// ...
} catch (e) {
res.status(400).send('Invalid token');
return;
}
res.status(200).send();
});
问题
由此,我假设我需要一些公钥。
- 我在哪里得到所说的公钥?
- 我在哪里放置所说的公钥,以便用它初始化谷歌客户端?
- 如何生成示例 JWT 来测试我的端点?
编辑
我可以在他们的代码中找到这个错误的来源:
if (!Object.prototype.hasOwnProperty.call(certs, envelope.kid)) {
// If this is not present, then there's no reason to attempt verification
throw new Error('No pem found for envelope: ' + JSON.stringify(envelope));
}
但是,我已经验证了该kid属性确实存在于解码对象中:
{"alg":"RS256","kid":"7d680d8c70d44e947133cbd499ebc1a61c3d5abc","typ":"JWT"}