From 1f998c254937dd147fc7ea1082ecc8b07df6d5d7 Mon Sep 17 00:00:00 2001 From: dwindown Date: Tue, 23 Dec 2025 11:08:36 +0700 Subject: [PATCH] Fix private key import for JWT signing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use importPKCS8 to convert private key string to CryptoKey - Pass CryptoKey to SignJWT.sign() instead of string - Fix 'Key for RS256 algorithm must be CryptoKey' error 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- supabase/functions/create-google-meet-event/index.ts | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/supabase/functions/create-google-meet-event/index.ts b/supabase/functions/create-google-meet-event/index.ts index 82fd072..1829623 100644 --- a/supabase/functions/create-google-meet-event/index.ts +++ b/supabase/functions/create-google-meet-event/index.ts @@ -30,11 +30,17 @@ interface CreateMeetRequest { // Function to create JWT and get access token async function getGoogleAccessToken(serviceAccount: GoogleServiceAccount): Promise { try { - // Import JWT sign function from jose - const { SignJWT } = await import("https://deno.land/x/jose@v4.15.1/index.ts"); + // Import JWT and crypto utilities + const { SignJWT, importPKCS8 } = await import("https://deno.land/x/jose@v4.15.1/index.ts"); const now = Math.floor(Date.now() / 1000); + // Convert private key string to CryptoKey + const privateKey = await importPKCS8(serviceAccount.private_key, { + algorithm: 'RS256', + keyId: serviceAccount.private_key_id, + }); + // Create and sign JWT const token = await new SignJWT({ iss: serviceAccount.client_email, @@ -44,7 +50,7 @@ async function getGoogleAccessToken(serviceAccount: GoogleServiceAccount): Promi iat: now, }) .setProtectedHeader({ alg: 'RS256', kid: serviceAccount.private_key_id }) - .sign(serviceAccount.private_key); + .sign(privateKey); // Exchange JWT for access token const response = await fetch(serviceAccount.token_uri, {