mirror of
https://github.com/urbit/shrub.git
synced 2024-12-18 15:55:00 +03:00
-get-gcp-jwt: produces an access token
The correct scope to ask for is not devstorage.editor, but cloud-platform. This will, rather than returning a signed JWT from Google that looks like it works but doesn't, return a JSON object containing an access token and expiration time.
This commit is contained in:
parent
860343e3d4
commit
d978e6a551
@ -33,11 +33,11 @@
|
||||
=/ sot=@t
|
||||
%: self-jwt
|
||||
key kid iss
|
||||
'https://www.googleapis.com/auth/devstorage.editor'
|
||||
'https://www.googleapis.com/auth/cloud-platform'
|
||||
aud now.bowl
|
||||
==
|
||||
;< jot=@t bind:m (sign-jwt sot aud)
|
||||
(pure:m !>(jot))
|
||||
;< p=[tok=@t exp=@da] bind:m (sign-jwt sot aud)
|
||||
(pure:m !>(p))
|
||||
::
|
||||
++ read-setting
|
||||
|= key=term
|
||||
@ -99,7 +99,7 @@
|
||||
::
|
||||
++ sign-jwt
|
||||
|= [jot=@t url=@t]
|
||||
=/ m (strand @t) ^- form:m
|
||||
=/ m (strand ,[@t @da]) ^- form:m
|
||||
;< ~ bind:m
|
||||
%: send-request:strandio
|
||||
method=%'POST'
|
||||
@ -124,8 +124,11 @@
|
||||
?~ jon
|
||||
(strand-fail:strandio %bad-body ~[body])
|
||||
=* job u.jon
|
||||
%- pure:m
|
||||
~| job
|
||||
=, dejs:format
|
||||
%- (ot 'id_token'^so ~)
|
||||
job
|
||||
=/ [typ=@t exp=@da tok=@t]
|
||||
((ot 'token_type'^so 'expires_in'^du 'access_token'^so ~) job)
|
||||
?> =('Bearer' typ)
|
||||
%- pure:m
|
||||
[tok exp]
|
||||
--
|
||||
|
Loading…
Reference in New Issue
Block a user