Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

1
Invalid JWT Signature when trying to auth to google sheets
Post Flair (click to view more posts with a particular flair)
:snoo_shrug: Unsolved
Post Body

This is what I have (which looks right) can someone tell me what I am doing wrong?I am attempting to get a token using a service account.

<!DOCTYPE html>
<html>
<body>
</body>
<script src='https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js'></script>
<script type="text/javascript">

function base64url(source) {
  // Encode in classical base64
  encodedSource = CryptoJS.enc.Base64.stringify(source);

  // Remove padding equal characters
  encodedSource = encodedSource.replace(/= $/, '');

  // Replace characters according to base64url specifications
  encodedSource = encodedSource.replace(/\ /g, '-');
  encodedSource = encodedSource.replace(/\//g, '_');

  return encodedSource;
}

var source = "Hello!";

// 48 65 6c 6c 6f 21
console.log(CryptoJS.enc.Utf8.parse(source).toString());
//Post Method Start

var header = {
  "alg": "HS256",
  "typ": "JWT"
};

var iat = Math.round(Date.now() / 1000);
var exp = iat   3600;

var payloadJson = {
    "iss": "myAccount_at_keyfordata.iam.gserviceaccount.com",
    "scope":"https://www.googleapis.com/auth/spreadsheets",
    "aud":"https://oauth2.googleapis.com/token",
    "exp": ""   exp   "",
    "iat": ""   iat   ""
}

var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
var encodedHeader = base64url(stringifiedHeader);
var stringifiedPayload = CryptoJS.enc.Utf8.parse(JSON.stringify(payloadJson));
var encodedPayload = base64url(stringifiedPayload);
console.log(encodedHeader   "."   encodedPayload);

var secret = '-----BEGIN PRIVATE KEY-----\n{myKey}\n-----END PRIVATE KEY-----\n';

var token = encodedHeader   "."   encodedPayload;
var signature = CryptoJS.HmacSHA256(token, secret);
signature = base64url(signature);

var signedToken = token   "."   signature;

var xhrPost = new XMLHttpRequest();

let assertion = signedToken;

xhrPost.open('POST', ('https://oauth2.googleapis.com/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion='   assertion)); 

xhrPost.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

var formData = new FormData();

formData.append('assertion', assertion);

xhrPost.onload = function() {
    if(xhrPost.status === 200){
        var response = JSON.parse(xhrPost.responseText);
        console.log(response);
    }
    else{ 
        console.log(xhrPost.response); 
    }
};

xhrPost.send();
//Post Method End




</script>

</html>

Author
Account Strength
100%
Account Age
13 years
Verified Email
Yes
Verified Flair
No
Total Karma
26,663
Link Karma
8,214
Comment Karma
18,430
Profile updated: 4 days ago
Posts updated: 8 months ago
isatrap

Subreddit

r/googlesheets

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
4 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/googlesheet...