def generate_jwt():
"""Generates a signed JSON Web Token using the Google App Engine default
service account."""
now = int(time.time())
header_json = json.dumps({
"typ": "JWT",
"alg": "RS256"})
payload_json = json.dumps({
"iat": now,
# expires after one hour.
"exp": now + 3600,
# iss is the service account email.
"iss": SERVICE_ACCOUNT_EMAIL,
# target_audience is the URL of the target service.
"target_audience": TARGET_AUD,
# aud must be Google token endpoints URL.
"aud": "https://www.googleapis.com/oauth2/v4/token"
})
headerAndPayload = '{}.{}'.format(
base64.urlsafe_b64encode(header_json),
base64.urlsafe_b64encode(payload_json))
(key_name, signature) = app_identity.sign_blob(headerAndPayload)
signed_jwt = '{}.{}'.format(
headerAndPayload,
base64.urlsafe_b64encode(signature))
return signed_jwt
评论列表
文章目录
