Fix private key import for JWT signing

- Use importPKCS8 to convert private key string to CryptoKey - Pass CryptoKey to SignJWT.sign() instead of string - Fix 'Key for RS256 algorithm must be CryptoKey' error 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-23 11:08:36 +07:00
parent fa1064daac
commit 1f998c2549
1 changed files with 9 additions and 3 deletions
--- a/supabase/functions/create-google-meet-event/index.ts
+++ b/supabase/functions/create-google-meet-event/index.ts
@@ -30,11 +30,17 @@ interface CreateMeetRequest {
 // Function to create JWT and get access token
 async function getGoogleAccessToken(serviceAccount: GoogleServiceAccount): Promise<string> {
  try {
-    // Import JWT sign function from jose
-    const { SignJWT } = await import("https://deno.land/x/jose@v4.15.1/index.ts");
+    // Import JWT and crypto utilities
+    const { SignJWT, importPKCS8 } = await import("https://deno.land/x/jose@v4.15.1/index.ts");

    const now = Math.floor(Date.now() / 1000);

+    // Convert private key string to CryptoKey
+    const privateKey = await importPKCS8(serviceAccount.private_key, {
+      algorithm: 'RS256',
+      keyId: serviceAccount.private_key_id,
+    });
+
    // Create and sign JWT
    const token = await new SignJWT({
      iss: serviceAccount.client_email,
@@ -44,7 +50,7 @@ async function getGoogleAccessToken(serviceAccount: GoogleServiceAccount): Promi
      iat: now,
    })
      .setProtectedHeader({ alg: 'RS256', kid: serviceAccount.private_key_id })
-      .sign(serviceAccount.private_key);
+      .sign(privateKey);

    // Exchange JWT for access token
    const response = await fetch(serviceAccount.token_uri, {