[英]Getting Users API access in nodejs AppEngine environment with Identity Aware Proxy
I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto ).我在启用了 IAP 的 AppEngine 上部署了一个 nodejs 应用程序,所以现在对其端点的访问受到项目 IAM 之外的用户的保护,我得到了“x-goog-authenticated-user-id”、“x-goog-authenticated” -user-email" 和另一个 jwt 断言 x-goog 签名 header,就像它应该的那样(详见此处https://cloud.google.com/iap/docs/identity-howto )。
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/ ), there seems to be no indication of what should be done there.在某些 AppEngine 环境中(到目前为止 Python、Java、Go),您似乎可以使用一些已经提供的库来获取有关用户 API 的用户的更多信息,但是 nodejs 页面被禁用(此处 为 https://cloud.google .com/appengine/docs/standard/python/users/ ),似乎没有迹象表明应该在那里做什么。 Any ideas?
有任何想法吗?
If there is no straight forward way around it would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?如果没有直接的解决方法,我是否可以拥有一个应用引擎环境,该环境还公开例如用户 API 的 Python 库,以便我可以环绕它们并在我的 nodejs 应用程序中使用它们?
The Users API isn't supported for Node.js . Node.js不支持 Users API。 Instead, you can get the identity from the
x-goog-iap-jwt-assertion
header . 相反,您可以从
x-goog-iap-jwt-assertion
标头中获取身份。
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. 我们目前没有Node.js的代码示例,尽管这看起来是一种合理的方法。 (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)
(免责声明:我不是Node用户,对Node JWT库的了解不足以特别认可其中的任何一个。)
Update for the current state:当前 state 的更新:
There is currently a Identity-Aware Proxy Documentation for Node JS.目前有一个 Node JS 的身份识别代理文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.