OAuth2 authentication for appengine stopped working

I have a periodic job that pulls data from my appengine datastore using remote api. This job suddenly stopped working because Google decided not to like my server anymore. It works on my machine, though.

Here's what happens in a python shell on my machine:

$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from google.appengine.ext.remote_api import remote_api_stub
>>> app = 'qmagicobr2.appspot.com'
>>> remote_api_stub.ConfigureRemoteApiForOAuth(app, '/_ah/remote_api')
<google.appengine.tools.appengine_rpc_httplib2.HttpRpcServerOAuth2 object at 0x7f5cdfac61d0>
>>> 

And here's what happens with the same code on my server:

(qmbi)dashboard@ip-172-31-32-222:~/qmbi$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from google.appengine.ext.remote_api import remote_api_stub
>>> app = 'qmagicobr2.appspot.com'
>>> remote_api_stub.ConfigureRemoteApiForOAuth(app, '/_ah/remote_api')
Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.apis+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&client_id=None&access_type=offline

Enter verification code:

When I go to the URL above I get an error page that says:

  1. That's an error. Error: invalid_client The OAuth client was not found. Request Details access_type=offline scope= https://www.googleapis.com/auth/appengine.apis https://www.googleapis.com/auth/userinfo.email response_type=code redirect_uri=urn:ietf:wg:oauth:2.0:oob client_id=None That's all we know.

Help?

---- UPDATE (2016-05-12) -----

I forgot to mention the authentication file I'm using. For ConfigureRemoteApiForOAuth to work I need to have an environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to a credentials file. I do. In both environments (my machine, and the server) GOOGLE_APPLICATION_CREDENTIALS points to a json file (the same file in both environments) with the following format:

{
  "type": "service_account",
  "project_id": "qmagicobr2",
  "private_key_id": "000000000000000000000000000000000000000",
  "private_key": "-----BEGIN PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAA....AAAA\n-----END PRIVATE KEY-----\n",
  "client_email": "dashboard@qmagicobr2.iam.gserviceaccount.com",
  "client_id": "0000000000000000000000",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dashboard%40qmagicobr2.iam.gserviceaccount.com"
}

This file was generated using Appengine's developer console, under "Credentials / Service Account Keys / Manage Service accounts".

So I just tested this particular use case and the fact that client id is none reveals a lot.

ConfigureRemoteApiForOAuth accepts using a service account with a key file, providing oauth2 params as an appengine_rpc_httplib2.HttpRpcServerOAuth2.OAuth2Parameters object where you can specify the client id, secret, scope etc. OAuth2Parameters Doc

But the easiest way to mitigate the situation though is to use the gcloud tool to properly authenticate your server:

gcloud auth login
