JWT validation failed: BAD_SIGNATURE #1146
Description
I use following file to encounter the issue
Write method test to generate signed JWT using app engine default service account
private String test() throws CertificateException, UnsupportedEncodingException,
NoSuchAlgorithmException, InvalidKeyException, SignatureException {
long now = System.currentTimeMillis() / 1000;
JSONObject headerJson = new JSONObject();
headerJson.put("typ", "JWT");
headerJson.put("alg", "RS256");
JSONObject payloadJson = new JSONObject();
payloadJson.put("iat", now);
payloadJson.put("exp", now + 3600);
payloadJson.put("iss", "{test-project}@appspot.gserviceaccount.com");
payloadJson.put("sub", "{test-project}@appspot.gserviceaccount.com");
payloadJson.put("aud", "https://echo-api.endpoints.{test-project}.cloud.goog");
String headerAndPayload = String.format("%s.%s", Base64.getUrlEncoder().encodeToString(headerJson.toString().getBytes()), Base64.getUrlEncoder().encodeToString(payloadJson.toString().getBytes()));
AppIdentityService appIdentityService = AppIdentityServiceFactory.getAppIdentityService();
AppIdentityService.SigningResult signingResult = appIdentityService.signForApp(headerAndPayload.getBytes());
String signedJwt = String.format("%s.%s", headerAndPayload , new
String(Base64.getUrlEncoder().encode(signingResult.getSignature())));
return signedJwt;
}
Describe the issue
I need generate signed JWT to authenticate java backend running in app engine. API secured using open api cloud end points. Following is my openapi.yaml
swagger: "2.0"
info:
description: "A simple Google Cloud Endpoints API example."
title: "Endpoints Example"
version: "1.0.0"
host: "echo-api.endpoints.{test-project}.cloud.goog"
consumes:
- "application/json"
produces:
- "application/json"
schemes:
- "https"
paths:
"/test/echo":
post:
description: "Echo back a given message."
operationId: "echo"
produces:
- "application/json"
responses:
200:
description: "Echo"
schema:
$ref: "#/definitions/echoMessage"
parameters:
-
description: "Message to echo"
in: body
name: message
required: true
schema:
$ref: "#/definitions/echoMessage"
security:
- api_key: []
google_jwt: []
definitions:
echoMessage:
type: "object"
properties:
message:
type: "string"
securityDefinitions:
google_jwt:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
x-google-issuer: "stl-cardio-dev@appspot.gserviceaccount.com"
x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/{test-project}@appspot.gserviceaccount.com"
After creating JWT I tried to access /test/echo it given "JWT validation failed: BAD_SIGNATURE".
I tried to python client described in
https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/clients/service_to_service_gae_default/main.py
I use following "header and payload" and "sign method" , I received following results.
(01). python header_and_payload + python app_identity.sign_blob method => Success
(02). python header_and_payload + java appIdentity.signForApp() => Error
(03). java headerAndPayload + python app_identity.sign_blob method => Success
(04). java headerAndPayload + java appIdentity.signForApp() => Error
I see problem in appIdentity.signForApp() result in my java implementation.
I cannot find complete example or documentation. How I generate correct signed JWT using java.
Thank you.