Error “invalid_grant / Invalid JWT Signature.” to get the access token using Oauth

[Ayrton Proyectiva]

For a long time I have tried to solve this problem. I need to generate a token access with a service account to use the Google calendar application. First I do the JWT with the library firebase / php-jwt based on a pem certificate where it stores the private key provided by the Google service account After doing a curl in Google to get the aforementioned token, but it throws me the following error "" invalid_grant / Invalid JWT Signature "

$time = time();

$key = file_get_contents("./certs/certificado.pem");
$token = array(
    "iss" => "*****@*******.iam.gserviceaccount.com",
    "aud" => "https://www.googleapis.com/oauth2/v3/token",
    "iat" => $time,
    "exp" => $time+60,
    "scope" => "https://www.googleapis.com/auth/calendar.readonly"
);

$jwt = JWT::encode($token, $key);
$decoded = JWT::decode($jwt, $key, array('HS256'));
echo $jwt;
print_r($decoded);

$decoded_array = (array) $decoded;
$grant_type = "urn:ietf:params:oauth:grant-type:jwt-bearer";

JWT::$leeway = 600; 
$decoded = JWT::decode($jwt, $key, array('HS256'));

Example where I do the curl to Google to get the access token

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,"https://www.googleapis.com/oauth2/v3/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"grant_type=".urlencode($grant_type)."&assertion=".urlencode($jwt));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$headers = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
curl_close ($ch);
echo($result);

Google gives the following error

{
  "error": "invalid_grant",
  "error_description": "Invalid JWT Signature."
}

[Ayrton Proyectiva]

[Nicolas (Google Cloud Platform Support)]

Hi Ayrton,

 

Thanks for reporting this, I can see this is a duplicate of another post . Please direct any further posts related to this matter as this discussion group is oriented more towards general opinions, trends, and issues of general nature touching Cloud Developers tools. 

 

For coding and programming architecture, such as access token, you may be better served in dedicated forums such as Stack Overflow, where experienced programmers are within reach and ready to help.