JWT Token Google Cloud Run

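I am developing an application with JWT authentication on Google Cloud Platform. On the server side, I added authentication to the Cloud Run backend through Cloud API Gateway. Now I am creating a client that generates a JWT token and passes it in the call. To do this, I am creating an application that must be deployed on Cloud Run, and I am following this documentation: https://cloud.google.com/api-gateway/docs/authenticate-service-account#making_an_authenticated_request. My problem is that I don't know how to indicate what it needs as the saKeyfile. I tried putting just the name of the file under src/main/resources/filetest.json, but as soon as I try to call the method, it tells me the file cannot be found. I also tried to specify the full path. Can anyone help me?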

PS: I'm using Java

EDIT: This is my code, the same as in the documentation

 public void makeCall() {
    String fullPath="src/main/resources/TEST1-id.json";
    String saEmail="testsa@projectID.iam.gserviceaccount.com";
    String audience="auth";
    int expiryLenght=600;
    String token;
    try {
        token=generateJwt(fullPath,saEmail,audience,expiryLenght);
        System.out.println("Token generated: "+token);
        URL url = new URL("apigatewayurl");
        makeJwtRequest(token, url);
        System.out.println("Call performed");
    } catch (IOException e) {
        e.printStackTrace();
    }

}

private static String generateJwt(final String saKeyfile, final String saEmail,
                                  final String audience, final int expiryLength)
        throws FileNotFoundException, IOException {

    Date now = new Date();
    Date expTime = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(expiryLength));

    // Build the JWT payload
    JWTCreator.Builder token = JWT.create()
            .withIssuedAt(now)
            // Expires after 'expiryLength' seconds
            .withExpiresAt(expTime)
            // Must match 'issuer' in the security configuration in your
            // swagger spec (e.g. service account email)
            .withIssuer(saEmail)
            // Must be either your Endpoints service name, or match the value
            // specified as the 'x-google-audience' in the OpenAPI document
            .withAudience(audience)
            // Subject and email should match the service account's email
            .withSubject(saEmail)
            .withClaim("email", saEmail);

    // Sign the JWT with a service account
    FileInputStream stream = new FileInputStream(saKeyfile);
    ServiceAccountCredentials cred = ServiceAccountCredentials.fromStream(stream);
    RSAPrivateKey key = (RSAPrivateKey) cred.getPrivateKey();
    Algorithm algorithm = Algorithm.RSA256(null, key);
    return token.sign(algorithm);
}

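I tried using the full path as in the example, and also using just /TEST1-id.json

Here is the project structure. It is a Spring Boot application that I will deploy on Cloud Run

The OP solved the problem this way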

In the end I put the file in the root, copied it into the Docker image, and recover it as an environment variable in Cloud Run
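
One way to wire up the fix described above, as an added example that is not part of the original post or of Google's documentation. The class name `KeyFileResolver` and the environment variable name `SA_KEY_FILE` are assumptions; the demo uses a constructed stand-in file instead of a real key so it runs offline with only the JDK (Java 11+).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class KeyFileResolver {

    /**
     * Opens the service-account key. Order: an explicit filesystem path (for example the
     * value of an environment variable), then a resource packaged on the classpath.
     */
    static InputStream openKey(String configuredPath, String classpathName) throws IOException {
        if (configuredPath != null && !configuredPath.isBlank()) {
            Path p = Path.of(configuredPath).toAbsolutePath().normalize();
            if (!Files.isRegularFile(p) || !Files.isReadable(p)) {
                throw new IOException("Key file not readable: " + p);
            }
            return Files.newInputStream(p);
        }
        // "src/main/resources" exists only in the source tree; in the built jar the file
        // is a classpath resource, so it is looked up by name, not by project path.
        InputStream in = KeyFileResolver.class.getClassLoader().getResourceAsStream(classpathName);
        if (in == null) {
            throw new IOException("Key not found: set SA_KEY_FILE or package " + classpathName);
        }
        return in;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a key file so the demo runs offline (not a real key).
        Path tmp = Files.createTempFile("sa-key", ".json");
        Files.writeString(tmp, "{\"type\":\"service_account\"}", StandardCharsets.UTF_8);
        try {
            // In the container: openKey(System.getenv("SA_KEY_FILE"), "TEST1-id.json"),
            // then pass the stream to ServiceAccountCredentials.fromStream(...).
            try (InputStream in = openKey(tmp.toString(), "TEST1-id.json")) {
                System.out.println("Loaded " + in.readAllBytes().length + " bytes from " + tmp);
            }
            try (InputStream in = openKey(null, "TEST1-id.json")) {
                System.out.println("Loaded from classpath");
            } catch (IOException e) {
                System.out.println("Nothing configured: " + e.getMessage());
            }
        } finally {
            Files.delete(tmp);
        }
    }
}
```

The path held in the environment variable can point at a file copied into the image, as the OP did, or at a file mounted into the container at runtime, which keeps the key out of the image layers.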