Getting Users API access in nodejs AppEngine environment with Identity Aware Proxy

I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto ).

In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/ ), there seems to be no indication of what should be done there. Any ideas?

If there is no straightforward way around it, would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?

The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.

We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)

Update for the current state:

There is currently an Identity-Aware Proxy Documentation for Node JS.
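An added example, not part of the original answers or Google's samples: reading the identity from the `x-goog-iap-jwt-assertion` header mentioned above, using only Node's built-in `crypto`. It assumes IAP's documented ES256 signing, the `https://cloud.google.com/iap` issuer and an App Engine audience of the form `/projects/PROJECT_NUMBER/apps/PROJECT_ID`; `verifyIapJwt`, `iapIdentity` and the `getKey` lookup are hypothetical names.

```javascript
const crypto = require('crypto');

const IAP_ISSUER = 'https://cloud.google.com/iap';
const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// getKey(kid) is a hypothetical caller-supplied lookup returning the public key
// (KeyObject or PEM) for that key id, e.g. from a cached copy of the IAP key set
// Google publishes at https://www.gstatic.com/iap/verify/public_key.
function verifyIapJwt(token, { expectedAudience, getKey, now = Date.now() / 1000, skew = 30 }) {
  if (typeof token !== 'string') throw new Error('missing assertion');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = decodePart(h);
  // Pin the algorithm; never let the token choose how it is verified.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const key = getKey(header.kid);
  if (!key) throw new Error('unknown kid');
  // JWS ES256 signatures are raw r||s, hence dsaEncoding 'ieee-p1363'.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decodePart(p);
  if (claims.iss !== IAP_ISSUER) throw new Error('bad iss');
  // The audience binds the token to this app, so a token minted for another
  // IAP-protected resource is rejected.
  if (claims.aud !== expectedAudience) throw new Error('bad aud');
  if (!(claims.exp > now - skew)) throw new Error('expired');
  if (!(claims.iat < now + skew)) throw new Error('issued in the future');
  return { email: claims.email, sub: claims.sub };
}

// Works with a Node http.IncomingMessage or Express request (header names are lower-cased).
function iapIdentity(req, opts) {
  return verifyIapJwt(req.headers['x-goog-iap-jwt-assertion'], opts);
}
```

Checking the signed assertion rather than the plain `x-goog-authenticated-user-*` headers means the identity still holds if a request ever reaches the app without passing through IAP.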
