How do I use the Google API Explorer to test my own App Engine Endpoints using OAuth?
I have an Endpoints API deployed on App Engine. I have no problem using the Google API Explorer to make requests to API methods that do NOT require being logged in. The URL I'm using for that is:
https://developers.google.com/apis-explorer/?base=https://[MY_APP_ID].appspot.com/_ah/api
Where I am stuck is calling API methods that require the user to be logged in, such as this one:
    @ApiMethod(name = "config.get",
            clientIds = {"[MY_CLIENT_ID].apps.googleusercontent.com", "com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID"},
            audiences = {"[MY_APP_ID].appspot.com"},
            scopes = {"https://www.googleapis.com/auth/userinfo.email"})
    public Config getConfig(User user) throws OAuthRequestException {
        log.fine("user: " + user);
        if (user == null) {
            throw new OAuthRequestException("You must be logged in in order to get config.");
        }
        if (!userService.isUserAdmin()) {
            throw new OAuthRequestException("You must be an App Engine admin in order to get config.");
        }
        ...
On the API Explorer there's a switch top right that, when clicked, allows me to specify scopes and authorise. I'm doing that with just the userinfo.email scope checked. It makes no difference. The response I get from my call is:
    503 Service Unavailable
    - Show headers -
    {
      "error": {
        "errors": [
          {
            "domain": "global",
            "reason": "backendError",
            "message": "java.lang.IllegalStateException: The current user is not logged in."
          }
        ],
        "code": 503,
        "message": "java.lang.IllegalStateException: The current user is not logged in."
      }
    }
Back when Endpoints was in Trusted Tester phase, I remember there being a manual step in the OAuth2 Playground to get an ID token instead of an access token or some such thing. If that is still required, any mention of that seems to have disappeared from the Endpoints docs now and I see no way to swap out tokens in the API Explorer either.
I see you've got "com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID" in quotes. If that's not a typo in your transcription to Stack Overflow, that's a problem. The value is already a string, so you're just passing in the text com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID (not the actual client ID) as the whitelisted scope. That won't work. Try this instead:
    @ApiMethod(name = "config.get",
            clientIds = {"[MY_CLIENT_ID].apps.googleusercontent.com", com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID},
            audiences = {"[MY_APP_ID].appspot.com"},
            scopes = {"https://www.googleapis.com/auth/userinfo.email"})
Edit: isUserAdmin is unsupported within Endpoints, and is likely a secondary cause of error. I'd suggest filing a feature request for supporting this method on the provided User object (we likely won't provide support for the user service itself, so it's separate from OAuth login.)
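The difference between the quoted and the referenced constant described in the answer above, as an added example that is not part of the original post or of the Endpoints library. The `ApiMethod` annotation and `Constant` class are local stand-ins, the explorer client ID value is a constructed placeholder, and the suffix test is an assumed heuristic based on the client ID format shown in the question.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

public class ClientIdCheck {
    // Local stand-in for the Endpoints @ApiMethod annotation (assumption: only two elements modelled).
    @Retention(RetentionPolicy.RUNTIME)
    @interface ApiMethod {
        String name();
        String[] clientIds() default {};
    }
    // Stand-in for com.google.api.server.spi.Constant; the value is a constructed placeholder.
    static final class Constant {
        static final String API_EXPLORER_CLIENT_ID = "explorer-placeholder.apps.googleusercontent.com";
    }
    // Assumed heuristic: client IDs on this page all end with this suffix.
    static final String CLIENT_ID_SUFFIX = ".apps.googleusercontent.com";

    static class Api {
        // As posted in the question: the constant's name is quoted, so its literal text is whitelisted.
        @ApiMethod(name = "config.getQuoted",
                   clientIds = {"[MY_CLIENT_ID].apps.googleusercontent.com",
                                "com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID"})
        public void quoted() {}

        // As corrected in the answer: the constant is referenced, so its value is whitelisted.
        @ApiMethod(name = "config.getReferenced",
                   clientIds = {"[MY_CLIENT_ID].apps.googleusercontent.com",
                                Constant.API_EXPLORER_CLIENT_ID})
        public void referenced() {}
    }

    // Returns "apiMethodName: entry" for each clientIds entry that does not look like a client ID.
    static List<String> suspiciousClientIds(Class<?> apiClass) {
        List<String> findings = new ArrayList<>();
        for (Method m : apiClass.getDeclaredMethods()) {
            ApiMethod ann = m.getAnnotation(ApiMethod.class);
            if (ann == null) continue;
            for (String id : ann.clientIds()) {
                if (!id.endsWith(CLIENT_ID_SUFFIX)) findings.add(ann.name() + ": " + id);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        suspiciousClientIds(Api.class).forEach(System.out::println);
    }
}
```

Only the quoted entry is reported, because the annotation stores the constant's name as text instead of the value it holds.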
I don't know when this was introduced, but if you use OAuth2, instead of UserService.isUserAdmin() you can use OAuthServiceFactory.getOAuthService().isUserAdmin(EMAIL_SCOPE) where EMAIL_SCOPE is "https://www.googleapis.com/auth/userinfo.email".
This makes it easy to use the old OpenId or OAuth2:
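    boolean isAdmin = false;
    try {
        // UserService check; throws IllegalStateException when no user is logged in
        isAdmin = userService.isUserAdmin();
    } catch (IllegalStateException e1) {
        try {
            // Fall back to the OAuth2 identity
            isAdmin = OAuthServiceFactory.getOAuthService().isUserAdmin(EMAIL_SCOPE);
        } catch (Exception e2) {
            // Neither check succeeded; isAdmin stays false
        }
    }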
The original question was asked several years ago, but maybe this will help others.