Hawk

Reputation: 5170

Firebase & Postman | Generate JWT for Google Identity OAuth 2.0 token

I am trying to execute some administrative tasks on my Cloud Firestore (upload some data, etc.). I read through the documentation here

Use a Google Identity OAuth 2.0 token and a service account to authenticate requests from your application, such as requests for database administration.

This referred to the documentation here on how to make an authorized API call after generating a JWT. I am struggling with generating the JWT.

This is what I tried:

  1. I formed the header and the claim set

    {"alg":"RS256","typ":"JWT"}.
    {
    "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
    "scope":"https://www.googleapis.com/auth/prediction",
    "aud":"https://oauth2.googleapis.com/token",
    "exp":1328554385,
    "iat":1328550785
    }
    
  2. Went to https://jwt.io/ to generate a JWT with RSA256. It asks for a public key and a private key. I understand the private key can be generated in JSON format from the service account I created under https://console.cloud.google.com/iam-admin/serviceaccounts. However, I am not sure where to obtain the public key. jwt.io does not generate the JWT. I only get 'invalid signature'.

There are many examples on the web using SDKs or libraries. However, I could not see any example of how to generate a JWT manually (if that is possible at all) to use it with Postman. Any idea?

Upvotes: 0

Views: 1371

Answers (1)

Hawk

Reputation: 5170

Thanks to @JohnHanley. I managed to generate the token. This is not entirely within Postman (I am still relying on jwt.io to generate the JWT).

  1. After creating the service account here, add a key and download the p12 file (not json). The default secret is notasecret.

  2. Convert p12 to pem and extract the public key:

    $ openssl pkcs12 -in postman-admin-private.p12 -out postman-admin-private.pem -nodes
    $ openssl rsa -in postman-admin-private.pem -outform PEM -pubout -out postman-admin-public.pem

  3. Open both pem files and copy the private and public keys into jwt.io (using the RSA256 option).

  4. Make sure you use the email address of the service account in the iss field.

  5. Here is the request in Postman:

    curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={generated jwt}'

Next would be to make it entirely within Postman. I have not tried that, but this post seems to be an option.

Upvotes: 3
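
The signing that jwt.io performs in step 3 of the answer can also be done locally with openssl, so the private key stays on the machine; this is an added example, not code from the original post. The function names are this example's own, the service-account address is a constructed placeholder, and the demo uses a throwaway key instead of the one extracted in step 2.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sign and check an RS256 JWT with openssl.
set -eu

# base64url without padding, as JWS requires.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# make_jwt KEY.pem ISS SCOPE -> prints header.claims.signature
# ISS and SCOPE must not contain characters that need JSON escaping.
make_jwt() {
  local key="$1" iss="$2" scope="$3" now header claims sig
  now=$(date +%s)
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  # exp = iat + 3600 seconds, the same one-hour window as in the question.
  claims=$(printf '{"iss":"%s","scope":"%s","aud":"%s","exp":%d,"iat":%d}' \
    "$iss" "$scope" "https://oauth2.googleapis.com/token" \
    "$((now + 3600))" "$now" | b64url)
  sig=$(printf '%s' "$header.$claims" |
    openssl dgst -sha256 -sign "$key" -binary | b64url)
  [ -n "$sig" ] || { echo "signing failed" >&2; return 1; }
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
}

# verify_jwt PUB.pem JWT -> returns 0 only if the signature matches.
# Verification is the public key's only role; the token request never carries it.
verify_jwt() {
  local pub="$1" jwt="$2" input sig tmp rc=0
  input=${jwt%.*}; sig=${jwt##*.}
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp)
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp"
  printf '%s' "$input" |
    openssl dgst -sha256 -verify "$pub" -signature "$tmp" >/dev/null 2>&1 || rc=1
  rm -f "$tmp"
  return "$rc"
}

# Demo: throwaway key, constructed service-account address, scope from the question.
demo() {
  local d jwt
  d=$(mktemp -d)
  openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
  openssl rsa -in "$d/key.pem" -pubout -out "$d/pub.pem" 2>/dev/null
  jwt=$(make_jwt "$d/key.pem" "sa-name@example-project.iam.gserviceaccount.com" \
    "https://www.googleapis.com/auth/prediction")
  verify_jwt "$d/pub.pem" "$jwt" && printf 'signature OK\n%s\n' "$jwt"
  rm -rf "$d"
}
demo
```

To exchange the result, the JWT can be sent form-encoded, for example `curl https://oauth2.googleapis.com/token --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' --data-urlencode "assertion=$jwt"`, which keeps the assertion out of the URL.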
