How do I make an authentication request for Google service accounts API REST?

Authentication Docs: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

I'm not sure what the value for the signature is supposed to be?

{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp":1328554385,
"iat":1328550785
}.
[signature bytes]

The docs just say "signature bytes". Where do I get this "signature"?

Header:

{"alg":"RS256","typ":"JWT"}

Claim:

{
  "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
  "scope":"https://www.googleapis.com/auth/devstorage.readonly",
  "aud":"https://www.googleapis.com/oauth2/v4/token",
  "exp":1328554385,
  "iat":1328550785
}

Signature:

{Base64url encoded header}.{Base64url encoded claim set}

The signature appears to just be the header combined with the claim, each separately base64 encoded.

If you take the dump from the example, the signature is not the combination of the JWT header and claim set.

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.
eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ.
ixOUGehweEVX_UKXv5BbbwVEdcz6AYS-6uQV6fGorGKrHf3LIJnyREw9evE-gs2bmMaQI5_UbabvI4k-mQE4kBqtmSpTzxYBL1TCd7Kv5nTZoUC1CmwmWCFqT9RE6D7XSgPUh_jF1qskLa2w0rxMSjwruNKbysgRNctZPln7cqQ
Caleb Pitman

1 Answer


You can use Google OAuth 2.0 endpoints to create web server applications that use OAuth 2.0 authorization to access Google APIs. The OAuth 2.0 server directs the user back to your application along with a single-use authorization code. Your application exchanges this authorization code for an access token.

To make an authentication request in a RESTful client-server setup, you have to put a token within the HTTP headers, so that the request is authenticated. This is what OAuth 2.0 does. See RFC 6749.

See this article for some details about RESTful authentication in client-server based on JSON and REST.

Signatures are not required for the actual API calls once the token has been generated. OAuth 2.0 has only one security token and no signature is required. Check this Stack Overflow question, which discusses signatures: How is OAuth 2 different from OAuth 1?

Android Enthusiast
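
For the service-account flow in the question, the "signature bytes" are an RS256 signature (RSASSA-PKCS1-v1_5 with SHA-256) over the ASCII string `{Base64url encoded header}.{Base64url encoded claim set}`, made with the service account's private key and then base64url encoded as the third segment. The sketch below is an added example, not code from the post or from Google: it hand-writes the signature step with a constructed toy key so it runs on the standard library alone, and the names `sign_jwt`, `verify_jwt`, `P`, `Q` are illustrative. Real code should load the key from the service account key file and sign with a vetted crypto library.

```python
import base64, hashlib, json

# CONSTRUCTED toy RSA key built from two Mersenne primes so the example runs
# offline with no dependencies. It is trivially factorable: a real request is
# signed with the private key from the service account's key file.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo(SHA-256)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign_jwt(header: dict, claims: dict) -> str:
    # The signing input is exactly "{b64url header}.{b64url claim set}".
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    # The "signature bytes" are the RSA signature over that ASCII string.
    sig = pow(emsa_pkcs1_v15(signing_input.encode("ascii")), D, N).to_bytes(K, "big")
    return signing_input + "." + b64url(sig)

def verify_jwt(token: str) -> bool:
    signing_input, _, sig_b64 = token.rpartition(".")
    sig = int.from_bytes(b64url_decode(sig_b64), "big")
    return sig < N and pow(sig, E, N) == emsa_pkcs1_v15(signing_input.encode("ascii"))

HEADER = {"alg": "RS256", "typ": "JWT"}
CLAIMS = {  # claim set copied from the question
    "iss": "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
    "scope": "https://www.googleapis.com/auth/devstorage.readonly",
    "aud": "https://www.googleapis.com/oauth2/v4/token",
    "exp": 1328554385,
    "iat": 1328550785,
}
TOKEN = sign_jwt(HEADER, CLAIMS)
```

The first segment of `TOKEN` matches the encoded header in the dump from the question; the third segment differs because it depends on the signing key.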