[英]Custom Identity Provider on Google Cloud
I'm a beginner when it comes to Google Cloud. 我是Google Cloud的初学者。 I have only worked with AWS before, but for this purpose I want to give Google Cloud a try.
我以前只使用过AWS,但是为此,我想尝试一下Google Cloud。 I want to create an application where I don't have human users, but instead there are multiple instances of the same client application trying to access the pub/sub service.
我想创建一个没有人类用户的应用程序,但是同一客户端应用程序有多个实例试图访问发布/订阅服务。 I would like each one of these users to come to register with my cloud function, which in return will:
我希望这些用户中的每一个都可以向我的云功能注册,作为回报,该功能将:
How should I handle the authentication in this case? 在这种情况下应如何处理身份验证? Should I create service credentials for each one of the clients?
我应该为每个客户端创建服务凭证吗? Or is there a way to provide a custom Identity Provider?
还是有提供自定义身份提供者的方法?
The first question is answered in this answer . 第一个问题是在回答这个答案 。
For the second one, the best way is for the user to be identified with Google oauth (aka a Google account). 对于第二种方法,最好的方法是使用Google oauth(又称Google帐户)识别用户。
When you create the pub/sub topic for this user, you should have already identified them, so you can set the proper permissions on the thread. 为该用户创建pub / sub主题时,您应该已经识别了它们,因此可以在线程上设置适当的权限。 Then, the user can simply call the pub/sub endpoint identified.
然后,用户可以简单地调用所标识的发布/订阅端点。
GCF, GAE apps, apps running on GKE, ... all of those have service accounts associated with them, so there should not be a problem to properly identify each client app running there. GCF,GAE应用程序,在GKE上运行的应用程序,...所有这些都具有与之关联的服务帐户,因此正确识别在此运行的每个客户端应用程序应该没有问题。
If those users don't have an account (eg the client app is running outside of GCP), you can ask your human users (the ones running the client apps) to either: 如果这些用户没有帐户(例如,客户端应用程序在GCP之外运行),则可以要求人类用户(运行客户端应用程序的用户)执行以下任一操作:
If those are not options, you can create a service account for each of your users, and provide the proper service account key file to each client. 如果不是这些选项,则可以为每个用户创建一个服务帐户,并向每个客户端提供正确的服务帐户密钥文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.