"Invalid IAP credentials: Base64 decode failed on token:" 在 Google 云 [.NET] 上访问 API
"Invalid IAP credentials: Base64 decode failed on token:" while accessing APIs on Google Cloud[.NET]
我正在尝试使用以下代码获取访问令牌以验证 Google 服务帐户。此代码返回一个令牌。我尝试使用收到的令牌从 Postman 访问 API,但收到错误消息“无效的 IAP 凭据:令牌上的 Base64 解码失败:”。仅供参考,我正在使用 Google's OAuth library for .NET.
这是我收到的令牌
ya29.c.Ko4B4Act579buZYyeoPgvOwuKREoi981lSLUQxA03SzAPGQuPY9Z3CXSnkouFdO4wj1lRwhGJxCLlnLlVsmLBySYf1VWQIbtSf8wMbIzW5b7n6mXeQgb-xk8SXwNZsLqxHprGlj-Zr35YrvoBzQPE6_OEQSD7g90g3Y-3DDnkCqs1m_K-udBVIVVYJ3lDQ
代码
class Program
{
public const string SCOPE_READONLY = "https://www.googleapis.com/auth/userinfo.profile";
public const string KEYFILE_PATH_READONLY = @"../../keys/XXXjson";
public const string CLIENT_EMAIL_READONLY = "YYY@XXX.iam.gserviceaccount.com";
static void Main(string[] args)
{
var token = GoogleServiceAccount.GetAccessTokenFromJSONKey(
KEYFILE_PATH_READONLY,
SCOPE_READONLY);
Console.WriteLine(token);
}
}
.
public class GoogleServiceAccount
{
/// <summary>
/// Get Access Token From JSON Key Async
/// </summary>
/// <param name="jsonKeyFilePath">Path to your JSON Key file</param>
/// <param name="scopes">Scopes required in access token</param>
/// <returns>Access token as string Task</returns>
public static async Task<string> GetAccessTokenFromJSONKeyAsync(string jsonKeyFilePath, params string[] scopes)
{
using (var stream = new FileStream(jsonKeyFilePath, FileMode.Open, FileAccess.Read))
{
return await GoogleCredential
.FromStream(stream) // Loads key file
.CreateScoped(scopes) // Gathers scopes requested
.UnderlyingCredential // Gets the credentials
.GetAccessTokenForRequestAsync("https://accounts.google.com/o/oauth2/auth"); // Gets the Access Token
}
}
/// <summary>
/// Get Access Token From JSON Key
/// </summary>
/// <param name="jsonKeyFilePath">Path to your JSON Key file</param>
/// <param name="scopes">Scopes required in access token</param>
/// <returns>Access token as string</returns>
public static string GetAccessTokenFromJSONKey(string jsonKeyFilePath, params string[] scopes)
{
return GetAccessTokenFromJSONKeyAsync(jsonKeyFilePath, scopes).Result;
}
}
我使用了不正确的方式来获取令牌。 here.
描述了通过 IAP 的确切方式
我正在尝试使用以下代码获取访问令牌以验证 Google 服务帐户。此代码返回一个令牌。我尝试使用收到的令牌从 Postman 访问 API,但收到错误消息“无效的 IAP 凭据:令牌上的 Base64 解码失败:”。仅供参考,我正在使用 Google's OAuth library for .NET.
这是我收到的令牌
ya29.c.Ko4B4Act579buZYyeoPgvOwuKREoi981lSLUQxA03SzAPGQuPY9Z3CXSnkouFdO4wj1lRwhGJxCLlnLlVsmLBySYf1VWQIbtSf8wMbIzW5b7n6mXeQgb-xk8SXwNZsLqxHprGlj-Zr35YrvoBzQPE6_OEQSD7g90g3Y-3DDnkCqs1m_K-udBVIVVYJ3lDQ
代码
class Program
{
public const string SCOPE_READONLY = "https://www.googleapis.com/auth/userinfo.profile";
public const string KEYFILE_PATH_READONLY = @"../../keys/XXXjson";
public const string CLIENT_EMAIL_READONLY = "YYY@XXX.iam.gserviceaccount.com";
static void Main(string[] args)
{
var token = GoogleServiceAccount.GetAccessTokenFromJSONKey(
KEYFILE_PATH_READONLY,
SCOPE_READONLY);
Console.WriteLine(token);
}
}
.
public class GoogleServiceAccount
{
/// <summary>
/// Get Access Token From JSON Key Async
/// </summary>
/// <param name="jsonKeyFilePath">Path to your JSON Key file</param>
/// <param name="scopes">Scopes required in access token</param>
/// <returns>Access token as string Task</returns>
public static async Task<string> GetAccessTokenFromJSONKeyAsync(string jsonKeyFilePath, params string[] scopes)
{
using (var stream = new FileStream(jsonKeyFilePath, FileMode.Open, FileAccess.Read))
{
return await GoogleCredential
.FromStream(stream) // Loads key file
.CreateScoped(scopes) // Gathers scopes requested
.UnderlyingCredential // Gets the credentials
.GetAccessTokenForRequestAsync("https://accounts.google.com/o/oauth2/auth"); // Gets the Access Token
}
}
/// <summary>
/// Get Access Token From JSON Key
/// </summary>
/// <param name="jsonKeyFilePath">Path to your JSON Key file</param>
/// <param name="scopes">Scopes required in access token</param>
/// <returns>Access token as string</returns>
public static string GetAccessTokenFromJSONKey(string jsonKeyFilePath, params string[] scopes)
{
return GetAccessTokenFromJSONKeyAsync(jsonKeyFilePath, scopes).Result;
}
}
我使用了不正确的方式来获取令牌。 here.
描述了通过 IAP 的确切方式