[英]How to do authentication check in Python library from Google Cloud Endpoints on GAE standard
I'm trying to implement service-to-service authentication to Google Cloud Endpoints API using Google Service account, but get the following error. 我正在尝试使用Google Service帐户对Google Cloud Endpoints API实施服务到服务的身份验证,但是出现以下错误。
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (.../lib/endpoints_management/control/wsgi.py:596)
Traceback (most recent call last):
File ".../lib/endpoints_management/control/wsgi.py", line 593, in __call__
service_name)
File ".../lib/endpoints_management/auth/tokens.py", line 81, in authenticate
error)
UnauthenticatedException: (u'Cannot decode the auth token', UnicodeDecodeError('ascii', '\xc9\xad\xbd', 0, 1, 'ordinal not in range(128)'))
Value of auth_token variable passed to self.get_jwt_claims(auth_token) is : 传递给self.get_jwt_claims(auth_token)的auth_token变量的值为:
ya29.ElmlBB1mwIfrsnURUIQg0Nv6v5UPzFR02miD4w_VywMSlWGDstpmmc5vPsmUqt5rCcho797B1HeEOgT0UBQiVfv9dlsfxSMLRf67SGwX0ceK5uTujj4_tSUXog
Looks like endpoints library is trying to decode auth_token as jwt, but auth_token is not jwt. 看起来端点库正在尝试将auth_token解码为jwt,但是auth_token不是jwt。 But maybe I'm wrong.
但是也许我错了。 Same problem occurs when I'm trying to test API using API Explorer.
当我尝试使用API Explorer测试API时,会发生相同的问题。 This happens with the latest endpoints and also with older version.
最新的端点和较旧的版本都会发生这种情况。
Here is my API class: 这是我的API类:
@endpoints.api(
name='myapi',
version='v1',
api_key_required=True,
auth_level=endpoints.AUTH_LEVEL.REQUIRED,
scopes=(
endpoints.EMAIL_SCOPE,
),
)
class MyApi(remote.Service):
...
And this is how i I'm accessing the API: 这就是我访问API的方式:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(
json.loads(json_keyfile_data),
scopes='https://www.googleapis.com/auth/userinfo.email',
)
service = build(
name, version,
http=credentials.authorize(Http()),
discoveryServiceUrl=discovery_url)
...
Am I doing something from or is there a bug in Python endpoints library? 我是从Python端点库中做某事还是有bug?
Google Cloud Endpoints expects JWT id_token, that's the reason why self.get_jwt_claims(auth_token) fails. Google Cloud Endpoints期望使用JWT id_token,这就是self.get_jwt_claims(auth_token)失败的原因。 Here is in-depth explanation of service-to-service authentication: https://cloud.google.com/endpoints/docs/service-to-service-auth .
这是服务到服务身份验证的深入说明: https : //cloud.google.com/endpoints/docs/service-to-service-auth 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.