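def generate_jwt(args):
    """Build an RS256 JWT and have the IAM API sign it as the service account.

    Based on https://cloud.google.com/endpoints/docs/service-to-service-auth

    The token is a bearer credential: it is accepted until ``exp`` (one hour
    after issue), so it should be handled like a secret and kept out of logs.

    Args:
        args: Object exposing three attributes:
            service_account_file: path to the service account JSON key file.
            issuer: optional ``iss`` claim; when falsy, the service account's
                own e-mail address is used instead.
            aud: host name (without scheme) that is placed in the
                ``target_audience`` claim as ``https://<aud>``.

    Returns:
        The compact serialization ``header.payload.signature`` as text.
    """
    # The service account needs the "Service Account Token Creator" role in
    # Google IAM. That role allows signing on the account's behalf, so grant it
    # on this one service account rather than across the whole project.
    credentials = ServiceAccountCredentials.from_json_keyfile_name(
        args.service_account_file).create_scoped(
            ['https://www.googleapis.com/auth/cloud-platform'])
    # NOTE(review): signBlob on the IAM v1 API appears to have been superseded
    # by the IAM Service Account Credentials API -- confirm before relying on it.
    service = googleapiclient.discovery.build(
        serviceName='iam', version='v1', credentials=credentials)

    def _b64url(raw):
        # JWS (RFC 7515) uses base64url *without* '=' padding; strict
        # verifiers reject padded segments.
        return base64.urlsafe_b64encode(raw).rstrip(b'=')

    now = int(time.time())
    header = {
        "typ": "JWT",
        "alg": "RS256",
    }
    claims = {
        'iat': now,
        "exp": now + 3600,  # one-hour lifetime
        'iss': args.issuer if args.issuer else credentials.service_account_email,
        "target_audience": 'https://' + args.aud,
        "aud": "https://www.googleapis.com/oauth2/v4/token",
    }

    # Work in bytes throughout: base64 only accepts bytes on Python 3, and
    # formatting bytes into a str there would embed a literal "b'...'".
    signing_input = b'.'.join(
        _b64url(json.dumps(part).encode('utf-8')) for part in (header, claims))

    request = service.projects().serviceAccounts().signBlob(
        name="projects/-/serviceAccounts/" + credentials.service_account_email,
        # The request body is serialized as JSON, so the value must be text.
        body={'bytesToSign': base64.b64encode(signing_input).decode('ascii')})
    response = request.execute()

    # The API returns standard base64; the JWT needs base64url. b64decode
    # replaces base64.decodestring, which was removed in Python 3.9.
    signature = _b64url(base64.b64decode(response['signature']))
    return b'.'.join((signing_input, signature)).decode('ascii')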
generate-google-id-jwt.py 文件源码