Invalid JWT Signature

[Ronald Ruijs]

Hello,

I am trying to authenticate to the Google Cloud Platform as described here. As a Delphi developer, I do not have the luxury of a Google Client library, so I took the http/rest route.

So far, so good, except for the JWT signature, which Google says is invalid.

Anyone who knows how to generate a signature for the JWT using openssl? 

I tried the following:

I created a file jwt.txt according to the documentation, containing header.claims, base64-url encoded. 

Then, I executed the following openssl commands:

C:\OpenSSL-Win32\bin\openssl dgst -sha256 -sign my.pem jwt.txt > jwt.sig
C:\OpenSSL-Win32\bin\openssl base64 e < jwt.sig > jwt.b64

file jwt.b64 contains the signature in base64, which I URL-Encoded by replacing "+" and "/"  by respectively "-" and "_", and trimming the "=" characters at the end.

However, Google keeps complaining about "Invalid JWT Signature" when I post the signed JWT. All other  data I post seems to be OK, like grant-type, JWT header and JWT claims.

Ideas and suggestions are highly appreciated.

Best regards,

Ronald

[Yannick (Cloud Platform Support)]

Hello Ronald,

It sounds like this could be due to openssl inserting newlines every 64 characters. Based on the documentation I could find, [1][2] this is remedied by the -A option. This turned out to be the issue in a similar Stack Overflow question.

If that doesn't help I recommend you post your question on Stack Overflow using one of the tags monitored by our community technical support team where you are much more likely to receive proper help for this type of question, and post a link to it here.