Google AI Predict API:网站匿名认证
[英]Google AI Predict API: anonymous authentication for website
问题描述
After reading each of these Q&As,
阅读完这些问答后,
- google api machine learning can I use an API KEY? google api 机器学习 我可以使用 API KEY 吗?
- how to use google AI platform online predictions?如何使用谷歌AI平台在线预测?
- How to authenticate GCP AI Platform Predictions using HTTP requests 如何使用 HTTP 请求对 GCP AI Platform Predictions 进行身份验证
I am still at a loss to know how to enable simple authentication for the AI Platform Predict API that doesn't need any sign-ins or OAuth screens.我仍然不知道如何为不需要任何登录或 OAuth 屏幕的 AI Platform Predict API 启用简单身份验证。
My scenario is the following: we have a static website which allows the user to enter some data, the website (client) sends the data to the model for prediction via the API, and when the results come back, the website shows them to the user.我的情况如下:我们有一个 static 网站,允许用户输入一些数据,网站(客户端)将数据发送到 model 进行预测,通过 API 网站显示结果,用户。 We don't want the user to have to sign in or identify themselves in any way.我们不希望用户必须以任何方式登录或表明自己的身份。 Just input some data, push a button, and get the results.只需输入一些数据,按下按钮,即可获得结果。
However, as far as I've been able to search, there is no way of doing this (the documentation on authentication is in my view confusing, there are multiple overlapping articles and it is difficult to determine what applies in a specific case);但是,据我所知,没有办法做到这一点(在我看来,关于身份验证的文档令人困惑,有多个重叠的文章,很难确定在特定情况下适用什么); you have to use some sort of OAuth which makes the user sign in with a Google account.您必须使用某种 OAuth 使用户使用 Google 帐户登录。
Is there really no way to have the website itself authenticated but not the individual users?真的没有办法让网站本身经过身份验证,而不是对个人用户进行身份验证吗? Eg using an API key or service account key?例如,使用 API 密钥或服务帐户密钥?
If OAuth is the only way, does that mean users who want to use the website must have a Google Account?如果 OAuth 是唯一的方法,这是否意味着想要使用该网站的用户必须拥有 Google 帐户? And how do I enable it: should I create an OAuth Client ID, or is it the OAuth consent screen?以及如何启用它:我应该创建一个 OAuth 客户端 ID,还是 OAuth 同意屏幕?
1 个解决方案
解决方案1
1 已采纳 2021-03-12 00:30:42
The recommended practice here is that all the OAuth should happen server-side , where the GCP Service Account JSON key is stored on some backend server.这里推荐的做法是所有 OAuth 都应该发生在服务器端,其中 GCP 服务帐户 JSON 密钥存储在某个后端服务器上。
I am going to answer your question by assuming that your website is hosted on App Engine , but your website could be hosted any where on other GCP products as Cloud Run or any other hosting providers.我将通过假设您的网站托管在App Engine上来回答您的问题,但是您的网站可以托管在其他 GCP 产品上的任何位置,例如Cloud Run或任何其他托管服务提供商。
- In backend webserver you can make the AI Platform predict request using Service Account JSON , then you would need to configure your website to talk to this backend.在后端网络服务器中,您可以使用服务帐户 JSON发出 AI Platform 预测请求,然后您需要配置您的网站以与该后端通信。
Website ----HTTP Request to App Engine URL------> App Engine (code---)--------> AI Platform
So the App Engine backend performs the authentication on behalf of the website client, as Lak clarifies here ;因此,App Engine 后端代表网站客户端执行身份验证,正如 Lak在这里阐明的那样; since the requests will be passing your GCP Service Acount JSON Key, then they gain access to send the specific HTTP requests to their backend server, which makes the AI Platform calls.由于这些请求将传递您的 GCP 服务帐户 JSON 密钥,因此他们有权将特定的 HTTP 请求发送到他们的后端服务器,从而进行 AI 平台调用。
In your case, you do not want the users to access your Google data, you simply want provide them access to your own AI Platform model.在您的情况下,您不希望用户访问您的 Google 数据,您只需让他们访问您自己的AI 平台 model。
Basically you can just use Client Library on server-side and it automatically does OAuth for you, as long as environment variable is set to Service Account key.
Note: You only need to do Google OAuth IF you want access to a person's Google resources (eg Google Doc, Calendar, GCP project, etc)注意:如果您想访问某人的 Google 资源(例如 Google Doc、Calendar、GCP 项目等),您只需要执行 Google OAuth
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.