Private/NewJWTToken.ps1
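function NewJWTToken {
    <#
    .SYNOPSIS
        Builds and signs an RS256 JSON Web Token (RFC 7519) for the Google OAuth2
        service-account JWT grant.

    .DESCRIPTION
        Produces header.payload.signature, each segment base64url-encoded (RFC 7515:
        '+' -> '-', '/' -> '_', no '=' padding). The header is {alg:RS256, typ:JWT[, kid]};
        the payload carries iss, scope, aud, iat, exp and optionally sub. The signature is
        RSASSA-PKCS1-v1_5 over SHA-256 of "header.payload", as RS256 requires.

    .PARAMETER Issuer
        Service-account e-mail placed in the 'iss' claim.

    .PARAMETER KeyId
        Private-key id placed in the 'kid' header. Omitted from the header when empty.

    .PARAMETER ImpersonationUser
        When set, placed in the 'sub' claim (domain-wide delegation).

    .PARAMETER RSA
        A System.Security.Cryptography.RSA instance holding the service-account private key.

    .PARAMETER ExpirationSec
        Token lifetime in seconds (1..3600; Google rejects assertions valid longer than one hour).

    .PARAMETER Audience
        Value of the 'aud' claim. Defaults to the module-scope $GDriveOAuth2Audience.

    .PARAMETER Scope
        Value of the 'scope' claim. Defaults to the module-scope $GDriveAuthScope.

    .OUTPUTS
        System.String - the compact-serialized, signed JWT.

    .EXAMPLE
        NewJWTToken -Issuer 'ps-xxxxxxxxgserviceaccount.com' -KeyId '<key-id>' -RSA $rsa -ExpirationSec 3600
    #>
    [CmdletBinding()]
    [OutputType([String])]
    param(
        [Parameter(Mandatory)]
        [string]$Issuer,

        [string]$KeyId,

        [string]$ImpersonationUser,

        [Parameter(Mandatory)]
        $RSA,

        [ValidateRange(1, 3600)]
        [int]$ExpirationSec = 3600,

        # Defaults keep the original behaviour of reading the module-scope variables,
        # while letting callers (and tests) supply explicit values.
        [string]$Audience = $GDriveOAuth2Audience,

        [string]$Scope = $GDriveAuthScope
    )

    # Fail fast with a clear message instead of a method-not-found error at SignData.
    if ($RSA -isnot [System.Security.Cryptography.RSA]) {
        throw [System.ArgumentException]::new(
            'RSA must be a System.Security.Cryptography.RSA instance (for example from [System.Security.Cryptography.RSA]::Create() or a certificate private key).',
            'RSA')
    }

    # base64url (RFC 7515 §2): standard base64 with URL-safe alphabet and padding stripped.
    function ConvertTo-Base64Url {
        param([Parameter(Mandatory)][byte[]]$Bytes)
        [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }

    # [ordered] gives a stable claim order; a plain hashtable does not guarantee one.
    $Header = [ordered]@{
        alg = 'RS256'
        typ = 'JWT'
    }
    # An empty "kid" header carries no information; only emit it when a key id was given.
    if ($KeyId) {
        $Header.kid = $KeyId
    }

    $now = [DateTimeOffset]::UtcNow
    $Payload = [ordered]@{
        iss   = $Issuer
        scope = $Scope
        aud   = $Audience
        iat   = $now.ToUnixTimeSeconds()
        exp   = $now.AddSeconds($ExpirationSec).ToUnixTimeSeconds()
    }
    if ($ImpersonationUser) {
        $Payload.sub = $ImpersonationUser
    }

    $HeaderJson  = $Header  | ConvertTo-Json -Compress
    $PayloadJson = $Payload | ConvertTo-Json -Compress
    # Claims only - the private key never appears here.
    Write-Verbose $PayloadJson

    # JWS segments are UTF-8 (RFC 7515 §3); ASCII encoding would silently turn any
    # non-ASCII character in iss/sub into '?', producing an assertion the server cannot match.
    $EncodedHeader  = ConvertTo-Base64Url ([System.Text.Encoding]::UTF8.GetBytes($HeaderJson))
    $EncodedPayload = ConvertTo-Base64Url ([System.Text.Encoding]::UTF8.GetBytes($PayloadJson))

    # RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over the ASCII signing input "header.payload".
    $SigningInput = "$EncodedHeader.$EncodedPayload"
    $SignatureBytes = $RSA.SignData(
        [System.Text.Encoding]::UTF8.GetBytes($SigningInput),
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $EncodedSignature = ConvertTo-Base64Url $SignatureBytes

    "$SigningInput.$EncodedSignature"
}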