堆栈内存溢出
  简体   繁体   English

使用 JWT 和 python 为 Google Bigquery 创建访问令牌

[英]Create access token for Google Bigquery using JWT with python

 原文  2022-07-19 11:57:23       python/ authentication/ google-bigquery/ jwt

问题描述

I am trying to get access token for bigquery using JWT method with python.我正在尝试使用带有 python 的 JWT 方法获取 bigquery 的访问令牌。 New access token will be used to access bigquery.新的访问令牌将用于访问 bigquery。 But while trying to get new access token it is showing error 401. I am not sure how to resolve this error.但是在尝试获取新的访问令牌时,它显示错误 401。我不确定如何解决此错误。 Following files I have used to create the scenario.以下文件是我用来创建场景的。

jwt.py jwt.py

import google.auth.jwt as jwt
import google.auth.crypt
import time
import json
import requests


now = int(time.time())
sa_email = ''# service account
audience = 'https://www.googleapis.com/auth/bigquery'
sa_keyfile = 'key.json'
# build payload
payload = {
    'iat': now,
    # expires after 'expiry_length' seconds.
    "exp": now + 3600,
    'iss': sa_email,
    'aud': audience,
    'sub': sa_email,
    'email': sa_email
}

# sign with keyfile
signer = google.auth.crypt.RSASigner.from_service_account_file(sa_keyfile)
jwt = google.auth.jwt.encode(signer, payload)
print(jwt)
headers = {
        'Authorization': 'Bearer {}'.format(jwt.decode('utf-8')),
        'Content-type': 'application/json',
        'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer'
    }

url = 'https://www.googleapis.com/bigquery/v2/projects'
response = requests.get(url, headers=headers)
print(response)
print(response.status_code, response.content)
token = response.json()['access_token']
print('token : ', token)
response.raise_for_status()

requirements.txt要求.txt

asttokens==2.0.5
backcall==0.2.0
cachetools==5.2.0
certifi==2022.6.15
charset-normalizer==2.1.0
click==8.1.3
debugpy==1.6.2
decorator==5.1.1
entrypoints==0.4
executing==0.8.3
Flask==2.1.2
google-auth==2.9.1
idna==3.3
importlib-metadata==4.12.0
ipykernel==6.15.1
ipython==8.4.0
itsdangerous==2.1.2
jedi==0.18.1
Jinja2==3.1.2
jupyter-client==7.3.4
jupyter-core==4.11.1
MarkupSafe==2.1.1
matplotlib-inline==0.1.3
nest-asyncio==1.5.5
packaging==21.3
parso==0.8.3
pexpect==4.8.0
pickleshare==0.7.5
prompt-toolkit==3.0.30
psutil==5.9.1
ptyprocess==0.7.0
pure-eval==0.2.2
pyasn1==0.4.8
pyasn1-modules==0.2.8
Pygments==2.12.0
pyparsing==3.0.9
python-dateutil==2.8.2
pyzmq==23.2.0
requests==2.28.1
rsa==4.8
six==1.16.0
stack-data==0.3.0
tornado==6.2
traitlets==5.3.0
urllib3==1.26.10
wcwidth==0.2.5
Werkzeug==2.1.2
zipp==3.8.0

But I am getting this error :但我收到此错误:

<Response [401]>
401 b'{\n  "error": {\n    "code": 401,\n    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",\n    "errors": [\n      {\n        "message": "Invalid Credentials",\n        "domain": "global",\n        "reason": "authError",\n        "location": "Authorization",\n        "locationType": "header"\n      }\n    ],\n    "status": "UNAUTHENTICATED"\n  }\n}\n'
token :  {'error': {'code': 401, 'message': 'Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.', 'errors': [{'message': 'Invalid Credentials', 'domain': 'global', 'reason': 'authError', 'location': 'Authorization', 'locationType': 'header'}], 'status': 'UNAUTHENTICATED'}}
Traceback (most recent call last):
  File "test4.py", line 39, in <module>
    response.raise_for_status()
  File "/workspace/datastudio-poc/.env/lib/python3.8/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://www.googleapis.com/bigquery/v2/projects

Please suggest something and thank you in advance.请提出一些建议,并在此先感谢您。

1 个解决方案

解决方案1
 0  2022-07-22 05:58:39

JWT tokens are used to authenticate users in GCP where a client application sends JSON Web Token for authentication. JWT 令牌用于在 GCP 中对用户进行身份验证,其中客户端应用程序发送 JSON Web 令牌进行身份验证。 For creating JWT tokens, you can follow this documentation .要创建 JWT 令牌,您可以遵循此文档

According to the error mentioned, you can first try validating the JWT token whether the token contains valid JSON or not for which you can use jwt.io .根据提到的错误,您可以首先尝试验证 JWT 令牌是否包含有效的 JSON,您可以使用jwt.io You need to make an authenticated request to API by creating a JWT and sign it with service accounts private key and send the signed JWT as a request to the API.您需要通过创建 JWT 向 API 发出经过身份验证的请求,并使用服务帐户私钥对其进行签名,并将签名的 JWT 作为请求发送到 API。 For more details, you can check this link .有关更多详细信息,您可以查看此链接

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 python 创建签名的 JWT 令牌 - How to create a signed JWT token using python 如何使用 Flask-JWT-Extended 的 create_access_token() 设置 JWT 的“iss”声明 - How to set the 'iss' claim of JWT using Flask-JWT-Extended's create_access_token() 使用 Google BigQuery 的 Python 客户端创建无聚合的物化视图 - Create materialized view without aggregation using Python Client for Google BigQuery Python手动创建没有库的jwt令牌 - Python manually create jwt token without library 使用 Google BigQuery Python 库创建或替换表 - CREATE OR REPLACE TABLE using the Google BigQuery Python library 如何以编程方式创建谷歌云存储访问令牌 python - How to create Google Cloud storage access token programmatically python Python 使用 JOSE 模块解码 jwt 令牌 - Python decode jwt token USING JOSE module Db2 ibm_db (Python):如何使用 JWT 访问令牌进行连接? - Db2 ibm_db (Python): How to connect using a JWT access token? flask_jwt_extended 中的字典 create_access_token - dictionary in flask_jwt_extended create_access_token 使用Python请求库获取Google的访问令牌 - Get access token for google by using Python requests library
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM