OAuth2使用私钥C#身份验证
我正在尝试通过OAuth2对API进行身份验证,但是,由于私钥,我很难创建请求。供应商为我提供了示例代码,即Java,然后将其转换为C#,但我似乎无法将私有密钥输入JWT请求中。
旁注,为此示例掩盖了客户,秘密和URL。
工作Java代码
public class Test {
private static final String RSSO_URL = "https://test-dev.onbmc.com/rsso";
private static final String CLIENT_ID = "36fa1bd2-6f92-408e-b7e4-dd4df7a9cfaz";
private static final String CLIENT_SECRET = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjBgEAAoIBAQC169y6kMo/hZ/3oRFKwU1bxmzCJhWgH54j3Vn1JW4SmgO3rH5bHkVcqt03aaQmQms/fBDe2SlCKS3pxH6pVXB8aKQj8EOPWstwjvjsQrCiKLyqAMbc6E7IBVp1Dq77wFtv+P3fk80/9OA4a6ahr9Dp14+3YawyOU/5Ebf/i2WwKkySTgQOGLXvk3+LtsoODubMAnyJYWb6e+Uhrbn/vSqlGDDjGtANahw5oWjqFy8IYFttzMNB0VF2+sKIzGvQ+Izlo+u4wTgN7pB5g8bSz9Q92QzeWRVh7OCaef3L0i6Ozp3rO46bo3+G+QJdn4UKPcYMubtNGMC511aDU8Yay4IPAgMBAAECggEAMGTwMQk3ZDKN3XgRe4t0osdCNlufQRtoHC5UMeylHXmvJ3tRmbexx/cdqwgxTKQ6l4bPjhjC6wC9YASPlUhPRikoEQ9nSYljuSuveFo9VsXzel3+iOGbo4YZDC69yebf7CeWkZVl8m+X/ipVB4oXzz0y1Bu9jRbF+YIHKonQoU4MgsQQrYa8J8cSx75fkByNj9HdQtd99aK2jsMSArQ1R+PnUjDWpxlZBAowRmaw6iPWJbHmhLUSyrIvBJOo3fNZlXPS/S8jL5s0n137K640WFjy5LBakooHqmjfaFk/5z5krBaWaehDXU2AXLcKRQi946QhC99leSxBTastfjIh0QKBgQDZDZRME+GvJwnnMOht0BuVjcazCkY5LcfxD4vwQeK8p7zyqaxcvNu0+0ulKy+kqP6d/Q1ITIXlQDEA8a2d/iiOhSI84Y/g9az9ZSvRHH/Z5gRdRrymZJcqCzzpxjqi0uvaKOQUWwrKthnxnAS+1oJPlqOc1CtO/j4qzc7I2D7VxQKBgQDWkH5YTYLM5EWos1zdEmVqnIrUYbKlkyHJWSYnC/f5VsOoVEV4R1012w3HfwPceRjYOxeUtHTPN3MB9B5Xn5d3oBFBk8Md9phD5St9KXGakPY0sWC1yFEg8/Zr9fVm5jren6tJQmhKEeiV6DtueqQShEVVIEJixrQQkwFQ4SvJwwKBgCKh+Qyei38gEoNyGVQURaJ6Sb8dn5DWDjYXjfOa/6usdAigLCFr/P6Grk4/cs2qLV5WFz13AFJRCMCmz1YLTLtY4Nqn/wYdDSotb21hR8Ej44Rimg1OtZP+0QxYFdkPIJThu2rIEBPCNKeJhnRQ0+ARIDAQ5ownIxI/XoRLhNMlAoGAQl9mRgiMKrd+eOYrFtPm/Wi5ZWNncOKns/JY5AFGzyGw2rRe3QsuYUeG5qx61Eu9jL4S2FROQf+EGxmZ/T8ICuBAFkoQNIegqHgO0OPuGYM4NiqcoP77Ybc2BkWKiS81DMLVqI7bVfZePWkeYVmcwYGbNO8KuiV/dBUVdiCBfCMCgYEAoUvJefM+ENuhnxrH6A+4lEH4CI64gkQ5tkF3JeAMCiIov5OEuJx+65ULXeAwhrvcLB3Ginh0hI2RNQGV5iOeu0+sHmNA8yt0ivoCweNxiPM0RGWcH5FFBzI88WlGbMl0eg3NHt9jV5yTwNJYonjPFgCUkasaclhDZlZxgN891LA=";
private static final String PRIVATE_KEY = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhY8LmtZ7fZOAX\n" +
"gw7SKyHzZ6Q0H0ss+3cJ7NEkEofUN2IfycE5u6eQb396uN16bzZaQcwnK9He3xwk\n" +
"3H4wWLzOUlhfuo87bJ34VdNBa1hfAk4iyk1ZgyufGy6MKgwycXhIl9wibX/f1fmF\n" +
"khHnkXVyYY5hSewceCT51bMzcv+psGf7KkN8jh/bRb+/GGfxVy13GKfFTzwY1Y7G\n" +
"SH7J00EaUQsEVCbkV3HK185v6t1fb2faao2imgj/Xqzc/DBbConBoF8/89SJSuf9\n" +
"1RVGdctNwqerMOUoDJ2ynHNqhbO3POq6O1XMi0c75q4xdtrNWLa8A5ONPUXDgIo/\n" +
"Ddwj1tTNAgMBAAECggEACG83yXNtfRWkzyxv3wyPKjEsM2kiYo4Mf9oVX4C0BYyH\n" +
"BwKBURxFIoIRprGJVD4aLhl9PtAEfA8kWfrIXB3N/viU5wwvtP0VEkh/7dhLB88p\n" +
"xmKEr39ZoAwf203tg+u8IRdRvRYU7Xbv7gAv3FcUqpGdBuYByHT0iUbmfFvm1l46\n" +
"HD2ypQFKr3a536w2sFR6XKK6G+Al69lyg0Hg4jXmmDMo+xoxqrJeYxT11G6iBWmy\n" +
"UXKDdOVx4BarT+dcnCUP0yahmQz08XObNDNphWG/aOFF6cMyU4hNkK9q0AC6sAzQ\n" +
"89dTVTPErjEJcJZ16mtI9nv5u4VKfbL1mU+ivb4pQQKBgQD+FdFx+BKojVYilT1i\n" +
"WMbXabRtm03NezgzSgIDKTxiewoQAy+n+InGPy2pz18/1DP8kasnsU8VZvRM7dXV\n" +
"lJTXrqOM/lMN8vMt7/fpz0PYEDP6Qz7CLxA0xEcW2qFR4RAQzq3xXIH/7M4VUZzD\n" +
"qzznD8aJaG5fsSExt7aITU984QKBgQDjFpVsxDxF3YZBhonuNaSrvTdDwbMqdCLT\n" +
"ZoXUL+4aKY78cD2FCfdqJ5O1uyrAqgCgjouiVnNRzDy3qSSGxaiwpI3+FA8cCNiS\n" +
"W0CE/urjDDeXU0Q5jDSBdljBF23wf9mNmXpgXSHfgQVTIiVMVD5tNhU/ORu5PXzo\n" +
"SdW67DLJbQKBgDYYbRQnrclG9hy8y2nh3svEDI70bq4d2tRIoG8N23ZYHcdU9lN7\n" +
"vdGAZ/dsWCodwse2N8tmm6DB36d1R36GeL4Gx3lgOEyS+iVAnvafkyEwKfDRWk47\n" +
"eObTFxONjqUBFsuNRUlK2b6kKygszQR3s6q6GBnvKviinJ+aLnmMhCzhAoGBAKLC\n" +
"gP6f87/kcmFsiFePYyMkTwPlRQDclEloZesbH1DpEG6mE7HS3t3a1+ec6puEPUbW\n" +
"ZAZKaATsmWgZdvCRosJYbtz4i4vQW0kq1id8feWV1BJJv9BvSQKxTBO5Mzb4q3jt\n" +
"0+RVW/3Rf3uCMbFvf/7OkJPr3o76HxhuMx3yRMRRAoGAZiFbVjd3EKUdyE0O3QSh\n" +
"46KzTdT0ENhBlN2dpCdJjHJm3Lcxa7uY4sxa8NqYUW0NO2qRSd42IKfGX3qqi7wf\n" +
"+rUFFixCzQOoucR/ekTw+542Nbc0QejAQ0SUDwgHWX8L8Yi+W3UsBL2YLLIw5ged\n" +
"7Ghsl3cgdKPMlAh1kzxsWic=";
public static JsonPath getOAuthToken() throws InvalidKeySpecException, NoSuchAlgorithmException {
return with().log().all()
.contentType(ContentType.URLENC)
.formParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
.formParam("assertion", getClientJwt())
.formParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
.formParam("redirect_uri", "https://test-dev-restapi.us.onbmc.com/api/jwt/login")
.formParam("audience", "test-dev-restapi.us.onbmc.com")
.formParam("client_id", CLIENT_ID)
.formParam("client_secret", CLIENT_SECRET)
.when()
.post(RSSO_URL + "/oauth2/token")
.then()
.log().all()
.statusCode(HttpURLConnection.HTTP_OK)
.extract()
.response()
.getBody()
.jsonPath();
}
static String getClientJwt() throws InvalidKeySpecException, NoSuchAlgorithmException {
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 1);
return Jwts.builder()
.signWith(loadPrivateKey(PRIVATE_KEY))
.setIssuer(CLIENT_ID)
.setSubject("JWT")
.setAudience("test-dev-restapi.us.onbmc.com")
.setExpiration(calendar.getTime())
.compact();
}
static PrivateKey loadPrivateKey(String privateKeyStr) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(privateKeyStr));
return kf.generatePrivate(keySpecPKCS8);
}
//@Test
public void getOauthAccessTokenUsingJwtGrantType() throws Exception {
System.out.println("Trying to get OAuth Access and Refresh tokens");
JsonPath response = getOAuthToken();
System.out.println("Access Token = " + response.getString("access_token"));
System.out.println("Refresh Token = " + response.getString("refresh_token"));
System.out.println("Expires in = " + response.getString("expires_in"));
System.out.println("OAuth2 Token was successfully obtained.");
}
public static void main(String str[]) throws Exception {
JsonPath response = getOAuthToken();
}
}
将Java代码转换为C#
using java.security;
using java.security.spec;
using JWT;
using JWT.Algorithms;
using JWT.Builder;
using JWT.Serializers;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using RestSharp;
using RestSharp.Authenticators;
using System;
using System.Buffers.Text;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
namespace TestApp
{
class Program
{
private static string RSSO_URL = "https://test-dev.onbmc.com/rsso";
`enter code here`private static string CLIENT_ID = "36fa1bd2-6f92-408e-b7e4-dd4df7a9cfaz";
private static string CLIENT_SECRET = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjBgEAAoIBAQC169y6kMo/hZ/3oRFKwU1bxmzCJhWgH54j3Vn1JW4SmgO3rH5bHkVcqt03aaQmQms/fBDe2SlCKS3pxH6pVXB8aKQj8EOPWstwjvjsQrCiKLyqAMbc6E7IBVp1Dq77wFtv+P3fk80/9OA4a6ahr9Dp14+3YawyOU/5Ebf/i2WwKkySTgQOGLXvk3+LtsoODubMAnyJYWb6e+Uhrbn/vSqlGDDjGtANahw5oWjqFy8IYFttzMNB0VF2+sKIzGvQ+Izlo+u4wTgN7pB5g8bSz9Q92QzeWRVh7OCaef3L0i6Ozp3rO46bo3+G+QJdn4UKPcYMubtNGMC511aDU8Yay4IPAgMBAAECggEAMGTwMQk3ZDKN3XgRe4t0osdCNlufQRtoHC5UMeylHXmvJ3tRmbexx/cdqwgxTKQ6l4bPjhjC6wC9YASPlUhPRikoEQ9nSYljuSuveFo9VsXzel3+iOGbo4YZDC69yebf7CeWkZVl8m+X/ipVB4oXzz0y1Bu9jRbF+YIHKonQoU4MgsQQrYa8J8cSx75fkByNj9HdQtd99aK2jsMSArQ1R+PnUjDWpxlZBAowRmaw6iPWJbHmhLUSyrIvBJOo3fNZlXPS/S8jL5s0n137K640WFjy5LBakooHqmjfaFk/5z5krBaWaehDXU2AXLcKRQi946QhC99leSxBTastfjIh0QKBgQDZDZRME+GvJwnnMOht0BuVjcazCkY5LcfxD4vwQeK8p7zyqaxcvNu0+0ulKy+kqP6d/Q1ITIXlQDEA8a2d/iiOhSI84Y/g9az9ZSvRHH/Z5gRdRrymZJcqCzzpxjqi0uvaKOQUWwrKthnxnAS+1oJPlqOc1CtO/j4qzc7I2D7VxQKBgQDWkH5YTYLM5EWos1zdEmVqnIrUYbKlkyHJWSYnC/f5VsOoVEV4R1012w3HfwPceRjYOxeUtHTPN3MB9B5Xn5d3oBFBk8Md9phD5St9KXGakPY0sWC1yFEg8/Zr9fVm5jren6tJQmhKEeiV6DtueqQShEVVIEJixrQQkwFQ4SvJwwKBgCKh+Qyei38gEoNyGVQURaJ6Sb8dn5DWDjYXjfOa/6usdAigLCFr/P6Grk4/cs2qLV5WFz13AFJRCMCmz1YLTLtY4Nqn/wYdDSotb21hR8Ej44Rimg1OtZP+0QxYFdkPIJThu2rIEBPCNKeJhnRQ0+ARIDAQ5ownIxI/XoRLhNMlAoGAQl9mRgiMKrd+eOYrFtPm/Wi5ZWNncOKns/JY5AFGzyGw2rRe3QsuYUeG5qx61Eu9jL4S2FROQf+EGxmZ/T8ICuBAFkoQNIegqHgO0OPuGYM4NiqcoP77Ybc2BkWKiS81DMLVqI7bVfZePWkeYVmcwYGbNO8KuiV/dBUVdiCBfCMCgYEAoUvJefM+ENuhnxrH6A+4lEH4CI64gkQ5tkF3JeAMCiIov5OEuJx+65ULXeAwhrvcLB3Ginh0hI2RNQGV5iOeu0+sHmNA8yt0ivoCweNxiPM0RGWcH5FFBzI88WlGbMl0eg3NHt9jV5yTwNJYonjPFgCUkasaclhDZlZxgN891LA=";
private static string PRIVATE_KEY = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhY8LmtZ7fZOAX\n" +
"gw7SKyHzZ6Q0H0ss+3cJ7NEkEofUN2IfycE5u6eQb396uN16bzZaQcwnK9He3xwk\n" +
"3H4wWLzOUlhfuo87bJ34VdNBa1hfAk4iyk1ZgyufGy6MKgwycXhIl9wibX/f1fmF\n" +
"khHnkXVyYY5hSewceCT51bMzcv+psGf7KkN8jh/bRb+/GGfxVy13GKfFTzwY1Y7G\n" +
"SH7J00EaUQsEVCbkV3HK185v6t1fb2faao2imgj/Xqzc/DBbConBoF8/89SJSuf9\n" +
"1RVGdctNwqerMOUoDJ2ynHNqhbO3POq6O1XMi0c75q4xdtrNWLa8A5ONPUXDgIo/\n" +
"Ddwj1tTNAgMBAAECggEACG83yXNtfRWkzyxv3wyPKjEsM2kiYo4Mf9oVX4C0BYyH\n" +
"BwKBURxFIoIRprGJVD4aLhl9PtAEfA8kWfrIXB3N/viU5wwvtP0VEkh/7dhLB88p\n" +
"xmKEr39ZoAwf203tg+u8IRdRvRYU7Xbv7gAv3FcUqpGdBuYByHT0iUbmfFvm1l46\n" +
"HD2ypQFKr3a536w2sFR6XKK6G+Al69lyg0Hg4jXmmDMo+xoxqrJeYxT11G6iBWmy\n" +
"UXKDdOVx4BarT+dcnCUP0yahmQz08XObNDNphWG/aOFF6cMyU4hNkK9q0AC6sAzQ\n" +
"89dTVTPErjEJcJZ16mtI9nv5u4VKfbL1mU+ivb4pQQKBgQD+FdFx+BKojVYilT1i\n" +
"WMbXabRtm03NezgzSgIDKTxiewoQAy+n+InGPy2pz18/1DP8kasnsU8VZvRM7dXV\n" +
"lJTXrqOM/lMN8vMt7/fpz0PYEDP6Qz7CLxA0xEcW2qFR4RAQzq3xXIH/7M4VUZzD\n" +
"qzznD8aJaG5fsSExt7aITU984QKBgQDjFpVsxDxF3YZBhonuNaSrvTdDwbMqdCLT\n" +
"ZoXUL+4aKY78cD2FCfdqJ5O1uyrAqgCgjouiVnNRzDy3qSSGxaiwpI3+FA8cCNiS\n" +
"W0CE/urjDDeXU0Q5jDSBdljBF23wf9mNmXpgXSHfgQVTIiVMVD5tNhU/ORu5PXzo\n" +
"SdW67DLJbQKBgDYYbRQnrclG9hy8y2nh3svEDI70bq4d2tRIoG8N23ZYHcdU9lN7\n" +
"vdGAZ/dsWCodwse2N8tmm6DB36d1R36GeL4Gx3lgOEyS+iVAnvafkyEwKfDRWk47\n" +
"eObTFxONjqUBFsuNRUlK2b6kKygszQR3s6q6GBnvKviinJ+aLnmMhCzhAoGBAKLC\n" +
"gP6f87/kcmFsiFePYyMkTwPlRQDclEloZesbH1DpEG6mE7HS3t3a1+ec6puEPUbW\n" +
"ZAZKaATsmWgZdvCRosJYbtz4i4vQW0kq1id8feWV1BJJv9BvSQKxTBO5Mzb4q3jt\n" +
"0+RVW/3Rf3uCMbFvf/7OkJPr3o76HxhuMx3yRMRRAoGAZiFbVjd3EKUdyE0O3QSh\n" +
"46KzTdT0ENhBlN2dpCdJjHJm3Lcxa7uY4sxa8NqYUW0NO2qRSd42IKfGX3qqi7wf\n" +
"+rUFFixCzQOoucR/ekTw+542Nbc0QejAQ0SUDwgHWX8L8Yi+W3UsBL2YLLIw5ged\n" +
"7Ghsl3cgdKPMlAh1kzxsWic=";
static void Main(string[] args)
{
try
{
//create RestSharp client and POST request object
var client = new RestClient(RSSO_URL + "/oauth2/token");
var request = new RestRequest();
request.Method = Method.Post;
client.Authenticator = new HttpBasicAuthenticator(CLIENT_ID, CLIENT_SECRET);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
request.AddParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
request.AddParameter("redirect_uri", "https://test-dev-restapi.us.onbmc.com/api/jwt/login");
request.AddParameter("audience", "test-dev-restapi.us.onbmc.com");
request.AddParameter("client_id", CLIENT_ID);
request.AddParameter("client_secret", CLIENT_SECRET);
request.AddParameter("assertion", Program.getClientJwt());
RestResponse response = client.Execute(request);
//return an AccessToken
var poo = JsonConvert.DeserializeObject(response.Content);
}
catch(Exception ex)
{
}
}
public static string getClientJwt() {
DateTime exp = DateTime.UtcNow.AddYears(1);
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(PRIVATE_KEY));
var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
var token = new JwtSecurityToken(CLIENT_ID, "miamidade-dev-restapi.us.onbmc.com", null, null, DateTime.UtcNow.AddYears(1), signIn);
return new JwtSecurityTokenHandler().WriteToken(token);
}
public static PrivateKey loadPrivateKey(String privateKeyStr)
{
KeyFactory kf = KeyFactory.getInstance("RSA");
byte[] decodedBytes = Convert.FromBase64String(privateKeyStr);
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(decodedBytes);
return kf.generatePrivate(keySpecPKCS8);
}
}
}
时,我会收到错误 {“ error_description”:“没有有效的请求,jwt被拒绝”,“错误”:“ invalid_grant”}
I am attempting to authenticate via Oauth2 to an API however, I had trouble creating the request because of a private key. I was provided a sample code by the vendor which is Java and I converted it over to C# but I can't seem to get the private key into the JWT request.
Side note, the client, secret and URL's have been masked for this example.
Working Java code
public class Test {
private static final String RSSO_URL = "https://test-dev.onbmc.com/rsso";
private static final String CLIENT_ID = "36fa1bd2-6f92-408e-b7e4-dd4df7a9cfaz";
private static final String CLIENT_SECRET = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjBgEAAoIBAQC169y6kMo/hZ/3oRFKwU1bxmzCJhWgH54j3Vn1JW4SmgO3rH5bHkVcqt03aaQmQms/fBDe2SlCKS3pxH6pVXB8aKQj8EOPWstwjvjsQrCiKLyqAMbc6E7IBVp1Dq77wFtv+P3fk80/9OA4a6ahr9Dp14+3YawyOU/5Ebf/i2WwKkySTgQOGLXvk3+LtsoODubMAnyJYWb6e+Uhrbn/vSqlGDDjGtANahw5oWjqFy8IYFttzMNB0VF2+sKIzGvQ+Izlo+u4wTgN7pB5g8bSz9Q92QzeWRVh7OCaef3L0i6Ozp3rO46bo3+G+QJdn4UKPcYMubtNGMC511aDU8Yay4IPAgMBAAECggEAMGTwMQk3ZDKN3XgRe4t0osdCNlufQRtoHC5UMeylHXmvJ3tRmbexx/cdqwgxTKQ6l4bPjhjC6wC9YASPlUhPRikoEQ9nSYljuSuveFo9VsXzel3+iOGbo4YZDC69yebf7CeWkZVl8m+X/ipVB4oXzz0y1Bu9jRbF+YIHKonQoU4MgsQQrYa8J8cSx75fkByNj9HdQtd99aK2jsMSArQ1R+PnUjDWpxlZBAowRmaw6iPWJbHmhLUSyrIvBJOo3fNZlXPS/S8jL5s0n137K640WFjy5LBakooHqmjfaFk/5z5krBaWaehDXU2AXLcKRQi946QhC99leSxBTastfjIh0QKBgQDZDZRME+GvJwnnMOht0BuVjcazCkY5LcfxD4vwQeK8p7zyqaxcvNu0+0ulKy+kqP6d/Q1ITIXlQDEA8a2d/iiOhSI84Y/g9az9ZSvRHH/Z5gRdRrymZJcqCzzpxjqi0uvaKOQUWwrKthnxnAS+1oJPlqOc1CtO/j4qzc7I2D7VxQKBgQDWkH5YTYLM5EWos1zdEmVqnIrUYbKlkyHJWSYnC/f5VsOoVEV4R1012w3HfwPceRjYOxeUtHTPN3MB9B5Xn5d3oBFBk8Md9phD5St9KXGakPY0sWC1yFEg8/Zr9fVm5jren6tJQmhKEeiV6DtueqQShEVVIEJixrQQkwFQ4SvJwwKBgCKh+Qyei38gEoNyGVQURaJ6Sb8dn5DWDjYXjfOa/6usdAigLCFr/P6Grk4/cs2qLV5WFz13AFJRCMCmz1YLTLtY4Nqn/wYdDSotb21hR8Ej44Rimg1OtZP+0QxYFdkPIJThu2rIEBPCNKeJhnRQ0+ARIDAQ5ownIxI/XoRLhNMlAoGAQl9mRgiMKrd+eOYrFtPm/Wi5ZWNncOKns/JY5AFGzyGw2rRe3QsuYUeG5qx61Eu9jL4S2FROQf+EGxmZ/T8ICuBAFkoQNIegqHgO0OPuGYM4NiqcoP77Ybc2BkWKiS81DMLVqI7bVfZePWkeYVmcwYGbNO8KuiV/dBUVdiCBfCMCgYEAoUvJefM+ENuhnxrH6A+4lEH4CI64gkQ5tkF3JeAMCiIov5OEuJx+65ULXeAwhrvcLB3Ginh0hI2RNQGV5iOeu0+sHmNA8yt0ivoCweNxiPM0RGWcH5FFBzI88WlGbMl0eg3NHt9jV5yTwNJYonjPFgCUkasaclhDZlZxgN891LA=";
private static final String PRIVATE_KEY = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhY8LmtZ7fZOAX\n" +
"gw7SKyHzZ6Q0H0ss+3cJ7NEkEofUN2IfycE5u6eQb396uN16bzZaQcwnK9He3xwk\n" +
"3H4wWLzOUlhfuo87bJ34VdNBa1hfAk4iyk1ZgyufGy6MKgwycXhIl9wibX/f1fmF\n" +
"khHnkXVyYY5hSewceCT51bMzcv+psGf7KkN8jh/bRb+/GGfxVy13GKfFTzwY1Y7G\n" +
"SH7J00EaUQsEVCbkV3HK185v6t1fb2faao2imgj/Xqzc/DBbConBoF8/89SJSuf9\n" +
"1RVGdctNwqerMOUoDJ2ynHNqhbO3POq6O1XMi0c75q4xdtrNWLa8A5ONPUXDgIo/\n" +
"Ddwj1tTNAgMBAAECggEACG83yXNtfRWkzyxv3wyPKjEsM2kiYo4Mf9oVX4C0BYyH\n" +
"BwKBURxFIoIRprGJVD4aLhl9PtAEfA8kWfrIXB3N/viU5wwvtP0VEkh/7dhLB88p\n" +
"xmKEr39ZoAwf203tg+u8IRdRvRYU7Xbv7gAv3FcUqpGdBuYByHT0iUbmfFvm1l46\n" +
"HD2ypQFKr3a536w2sFR6XKK6G+Al69lyg0Hg4jXmmDMo+xoxqrJeYxT11G6iBWmy\n" +
"UXKDdOVx4BarT+dcnCUP0yahmQz08XObNDNphWG/aOFF6cMyU4hNkK9q0AC6sAzQ\n" +
"89dTVTPErjEJcJZ16mtI9nv5u4VKfbL1mU+ivb4pQQKBgQD+FdFx+BKojVYilT1i\n" +
"WMbXabRtm03NezgzSgIDKTxiewoQAy+n+InGPy2pz18/1DP8kasnsU8VZvRM7dXV\n" +
"lJTXrqOM/lMN8vMt7/fpz0PYEDP6Qz7CLxA0xEcW2qFR4RAQzq3xXIH/7M4VUZzD\n" +
"qzznD8aJaG5fsSExt7aITU984QKBgQDjFpVsxDxF3YZBhonuNaSrvTdDwbMqdCLT\n" +
"ZoXUL+4aKY78cD2FCfdqJ5O1uyrAqgCgjouiVnNRzDy3qSSGxaiwpI3+FA8cCNiS\n" +
"W0CE/urjDDeXU0Q5jDSBdljBF23wf9mNmXpgXSHfgQVTIiVMVD5tNhU/ORu5PXzo\n" +
"SdW67DLJbQKBgDYYbRQnrclG9hy8y2nh3svEDI70bq4d2tRIoG8N23ZYHcdU9lN7\n" +
"vdGAZ/dsWCodwse2N8tmm6DB36d1R36GeL4Gx3lgOEyS+iVAnvafkyEwKfDRWk47\n" +
"eObTFxONjqUBFsuNRUlK2b6kKygszQR3s6q6GBnvKviinJ+aLnmMhCzhAoGBAKLC\n" +
"gP6f87/kcmFsiFePYyMkTwPlRQDclEloZesbH1DpEG6mE7HS3t3a1+ec6puEPUbW\n" +
"ZAZKaATsmWgZdvCRosJYbtz4i4vQW0kq1id8feWV1BJJv9BvSQKxTBO5Mzb4q3jt\n" +
"0+RVW/3Rf3uCMbFvf/7OkJPr3o76HxhuMx3yRMRRAoGAZiFbVjd3EKUdyE0O3QSh\n" +
"46KzTdT0ENhBlN2dpCdJjHJm3Lcxa7uY4sxa8NqYUW0NO2qRSd42IKfGX3qqi7wf\n" +
"+rUFFixCzQOoucR/ekTw+542Nbc0QejAQ0SUDwgHWX8L8Yi+W3UsBL2YLLIw5ged\n" +
"7Ghsl3cgdKPMlAh1kzxsWic=";
public static JsonPath getOAuthToken() throws InvalidKeySpecException, NoSuchAlgorithmException {
return with().log().all()
.contentType(ContentType.URLENC)
.formParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
.formParam("assertion", getClientJwt())
.formParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
.formParam("redirect_uri", "https://test-dev-restapi.us.onbmc.com/api/jwt/login")
.formParam("audience", "test-dev-restapi.us.onbmc.com")
.formParam("client_id", CLIENT_ID)
.formParam("client_secret", CLIENT_SECRET)
.when()
.post(RSSO_URL + "/oauth2/token")
.then()
.log().all()
.statusCode(HttpURLConnection.HTTP_OK)
.extract()
.response()
.getBody()
.jsonPath();
}
static String getClientJwt() throws InvalidKeySpecException, NoSuchAlgorithmException {
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 1);
return Jwts.builder()
.signWith(loadPrivateKey(PRIVATE_KEY))
.setIssuer(CLIENT_ID)
.setSubject("JWT")
.setAudience("test-dev-restapi.us.onbmc.com")
.setExpiration(calendar.getTime())
.compact();
}
static PrivateKey loadPrivateKey(String privateKeyStr) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(privateKeyStr));
return kf.generatePrivate(keySpecPKCS8);
}
//@Test
public void getOauthAccessTokenUsingJwtGrantType() throws Exception {
System.out.println("Trying to get OAuth Access and Refresh tokens");
JsonPath response = getOAuthToken();
System.out.println("Access Token = " + response.getString("access_token"));
System.out.println("Refresh Token = " + response.getString("refresh_token"));
System.out.println("Expires in = " + response.getString("expires_in"));
System.out.println("OAuth2 Token was successfully obtained.");
}
public static void main(String str[]) throws Exception {
JsonPath response = getOAuthToken();
}
}
Converted Java code to C#
using java.security;
using java.security.spec;
using JWT;
using JWT.Algorithms;
using JWT.Builder;
using JWT.Serializers;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using RestSharp;
using RestSharp.Authenticators;
using System;
using System.Buffers.Text;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
namespace TestApp
{
class Program
{
private static string RSSO_URL = "https://test-dev.onbmc.com/rsso";
`enter code here`private static string CLIENT_ID = "36fa1bd2-6f92-408e-b7e4-dd4df7a9cfaz";
private static string CLIENT_SECRET = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjBgEAAoIBAQC169y6kMo/hZ/3oRFKwU1bxmzCJhWgH54j3Vn1JW4SmgO3rH5bHkVcqt03aaQmQms/fBDe2SlCKS3pxH6pVXB8aKQj8EOPWstwjvjsQrCiKLyqAMbc6E7IBVp1Dq77wFtv+P3fk80/9OA4a6ahr9Dp14+3YawyOU/5Ebf/i2WwKkySTgQOGLXvk3+LtsoODubMAnyJYWb6e+Uhrbn/vSqlGDDjGtANahw5oWjqFy8IYFttzMNB0VF2+sKIzGvQ+Izlo+u4wTgN7pB5g8bSz9Q92QzeWRVh7OCaef3L0i6Ozp3rO46bo3+G+QJdn4UKPcYMubtNGMC511aDU8Yay4IPAgMBAAECggEAMGTwMQk3ZDKN3XgRe4t0osdCNlufQRtoHC5UMeylHXmvJ3tRmbexx/cdqwgxTKQ6l4bPjhjC6wC9YASPlUhPRikoEQ9nSYljuSuveFo9VsXzel3+iOGbo4YZDC69yebf7CeWkZVl8m+X/ipVB4oXzz0y1Bu9jRbF+YIHKonQoU4MgsQQrYa8J8cSx75fkByNj9HdQtd99aK2jsMSArQ1R+PnUjDWpxlZBAowRmaw6iPWJbHmhLUSyrIvBJOo3fNZlXPS/S8jL5s0n137K640WFjy5LBakooHqmjfaFk/5z5krBaWaehDXU2AXLcKRQi946QhC99leSxBTastfjIh0QKBgQDZDZRME+GvJwnnMOht0BuVjcazCkY5LcfxD4vwQeK8p7zyqaxcvNu0+0ulKy+kqP6d/Q1ITIXlQDEA8a2d/iiOhSI84Y/g9az9ZSvRHH/Z5gRdRrymZJcqCzzpxjqi0uvaKOQUWwrKthnxnAS+1oJPlqOc1CtO/j4qzc7I2D7VxQKBgQDWkH5YTYLM5EWos1zdEmVqnIrUYbKlkyHJWSYnC/f5VsOoVEV4R1012w3HfwPceRjYOxeUtHTPN3MB9B5Xn5d3oBFBk8Md9phD5St9KXGakPY0sWC1yFEg8/Zr9fVm5jren6tJQmhKEeiV6DtueqQShEVVIEJixrQQkwFQ4SvJwwKBgCKh+Qyei38gEoNyGVQURaJ6Sb8dn5DWDjYXjfOa/6usdAigLCFr/P6Grk4/cs2qLV5WFz13AFJRCMCmz1YLTLtY4Nqn/wYdDSotb21hR8Ej44Rimg1OtZP+0QxYFdkPIJThu2rIEBPCNKeJhnRQ0+ARIDAQ5ownIxI/XoRLhNMlAoGAQl9mRgiMKrd+eOYrFtPm/Wi5ZWNncOKns/JY5AFGzyGw2rRe3QsuYUeG5qx61Eu9jL4S2FROQf+EGxmZ/T8ICuBAFkoQNIegqHgO0OPuGYM4NiqcoP77Ybc2BkWKiS81DMLVqI7bVfZePWkeYVmcwYGbNO8KuiV/dBUVdiCBfCMCgYEAoUvJefM+ENuhnxrH6A+4lEH4CI64gkQ5tkF3JeAMCiIov5OEuJx+65ULXeAwhrvcLB3Ginh0hI2RNQGV5iOeu0+sHmNA8yt0ivoCweNxiPM0RGWcH5FFBzI88WlGbMl0eg3NHt9jV5yTwNJYonjPFgCUkasaclhDZlZxgN891LA=";
private static string PRIVATE_KEY = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhY8LmtZ7fZOAX\n" +
"gw7SKyHzZ6Q0H0ss+3cJ7NEkEofUN2IfycE5u6eQb396uN16bzZaQcwnK9He3xwk\n" +
"3H4wWLzOUlhfuo87bJ34VdNBa1hfAk4iyk1ZgyufGy6MKgwycXhIl9wibX/f1fmF\n" +
"khHnkXVyYY5hSewceCT51bMzcv+psGf7KkN8jh/bRb+/GGfxVy13GKfFTzwY1Y7G\n" +
"SH7J00EaUQsEVCbkV3HK185v6t1fb2faao2imgj/Xqzc/DBbConBoF8/89SJSuf9\n" +
"1RVGdctNwqerMOUoDJ2ynHNqhbO3POq6O1XMi0c75q4xdtrNWLa8A5ONPUXDgIo/\n" +
"Ddwj1tTNAgMBAAECggEACG83yXNtfRWkzyxv3wyPKjEsM2kiYo4Mf9oVX4C0BYyH\n" +
"BwKBURxFIoIRprGJVD4aLhl9PtAEfA8kWfrIXB3N/viU5wwvtP0VEkh/7dhLB88p\n" +
"xmKEr39ZoAwf203tg+u8IRdRvRYU7Xbv7gAv3FcUqpGdBuYByHT0iUbmfFvm1l46\n" +
"HD2ypQFKr3a536w2sFR6XKK6G+Al69lyg0Hg4jXmmDMo+xoxqrJeYxT11G6iBWmy\n" +
"UXKDdOVx4BarT+dcnCUP0yahmQz08XObNDNphWG/aOFF6cMyU4hNkK9q0AC6sAzQ\n" +
"89dTVTPErjEJcJZ16mtI9nv5u4VKfbL1mU+ivb4pQQKBgQD+FdFx+BKojVYilT1i\n" +
"WMbXabRtm03NezgzSgIDKTxiewoQAy+n+InGPy2pz18/1DP8kasnsU8VZvRM7dXV\n" +
"lJTXrqOM/lMN8vMt7/fpz0PYEDP6Qz7CLxA0xEcW2qFR4RAQzq3xXIH/7M4VUZzD\n" +
"qzznD8aJaG5fsSExt7aITU984QKBgQDjFpVsxDxF3YZBhonuNaSrvTdDwbMqdCLT\n" +
"ZoXUL+4aKY78cD2FCfdqJ5O1uyrAqgCgjouiVnNRzDy3qSSGxaiwpI3+FA8cCNiS\n" +
"W0CE/urjDDeXU0Q5jDSBdljBF23wf9mNmXpgXSHfgQVTIiVMVD5tNhU/ORu5PXzo\n" +
"SdW67DLJbQKBgDYYbRQnrclG9hy8y2nh3svEDI70bq4d2tRIoG8N23ZYHcdU9lN7\n" +
"vdGAZ/dsWCodwse2N8tmm6DB36d1R36GeL4Gx3lgOEyS+iVAnvafkyEwKfDRWk47\n" +
"eObTFxONjqUBFsuNRUlK2b6kKygszQR3s6q6GBnvKviinJ+aLnmMhCzhAoGBAKLC\n" +
"gP6f87/kcmFsiFePYyMkTwPlRQDclEloZesbH1DpEG6mE7HS3t3a1+ec6puEPUbW\n" +
"ZAZKaATsmWgZdvCRosJYbtz4i4vQW0kq1id8feWV1BJJv9BvSQKxTBO5Mzb4q3jt\n" +
"0+RVW/3Rf3uCMbFvf/7OkJPr3o76HxhuMx3yRMRRAoGAZiFbVjd3EKUdyE0O3QSh\n" +
"46KzTdT0ENhBlN2dpCdJjHJm3Lcxa7uY4sxa8NqYUW0NO2qRSd42IKfGX3qqi7wf\n" +
"+rUFFixCzQOoucR/ekTw+542Nbc0QejAQ0SUDwgHWX8L8Yi+W3UsBL2YLLIw5ged\n" +
"7Ghsl3cgdKPMlAh1kzxsWic=";
static void Main(string[] args)
{
try
{
//create RestSharp client and POST request object
var client = new RestClient(RSSO_URL + "/oauth2/token");
var request = new RestRequest();
request.Method = Method.Post;
client.Authenticator = new HttpBasicAuthenticator(CLIENT_ID, CLIENT_SECRET);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
request.AddParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
request.AddParameter("redirect_uri", "https://test-dev-restapi.us.onbmc.com/api/jwt/login");
request.AddParameter("audience", "test-dev-restapi.us.onbmc.com");
request.AddParameter("client_id", CLIENT_ID);
request.AddParameter("client_secret", CLIENT_SECRET);
request.AddParameter("assertion", Program.getClientJwt());
RestResponse response = client.Execute(request);
//return an AccessToken
var poo = JsonConvert.DeserializeObject(response.Content);
}
catch(Exception ex)
{
}
}
public static string getClientJwt() {
DateTime exp = DateTime.UtcNow.AddYears(1);
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(PRIVATE_KEY));
var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
var token = new JwtSecurityToken(CLIENT_ID, "miamidade-dev-restapi.us.onbmc.com", null, null, DateTime.UtcNow.AddYears(1), signIn);
return new JwtSecurityTokenHandler().WriteToken(token);
}
public static PrivateKey loadPrivateKey(String privateKeyStr)
{
KeyFactory kf = KeyFactory.getInstance("RSA");
byte[] decodedBytes = Convert.FromBase64String(privateKeyStr);
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(decodedBytes);
return kf.generatePrivate(keySpecPKCS8);
}
}
}
When I send the request, I get the error
{"error_description":"Not valid request, JWT is rejected","error":"invalid_grant"}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论